n4auth/node_modules/@azure/msal-node/dist/msal-node.cjs.production.min.js.map

{"version":3,"file":"msal-node.cjs.production.min.js","sources":["../src/utils/Constants.ts","../node_modules/regenerator-runtime/runtime.js","../src/network/HttpClient.ts","../src/config/Configuration.ts","../src/utils/NetworkUtils.ts","../src/crypto/GuidGenerator.ts","../src/utils/EncodingUtils.ts","../src/crypto/PkceGenerator.ts","../src/crypto/CryptoProvider.ts","../src/cache/serializer/Deserializer.ts","../src/cache/serializer/Serializer.ts","../src/cache/NodeStorage.ts","../src/cache/TokenCache.ts","../src/client/ClientApplication.ts","../src/packageMetadata.ts","../src/client/PublicClientApplication.ts","../src/client/ClientAssertion.ts","../src/client/ConfidentialClientApplication.ts"],"sourcesContent":["/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\n/**\r\n * http methods\r\n */\r\nexport enum HttpMethod {\r\n    GET = \"get\",\r\n    POST = \"post\",\r\n}\r\n\r\n/**\r\n * Constant used for PKCE\r\n */\r\nexport const RANDOM_OCTET_SIZE = 32;\r\n\r\n/**\r\n * Constants used in PKCE\r\n */\r\nexport const Hash = {\r\n    SHA256: \"sha256\",\r\n};\r\n\r\n/**\r\n * Constants for encoding schemes\r\n */\r\nexport const CharSet = {\r\n    CV_CHARSET:\r\n        \"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~\",\r\n};\r\n\r\n/**\r\n * Cache Constants\r\n */\r\nexport const CACHE = {\r\n    FILE_CACHE: \"fileCache\",\r\n    EXTENSION_LIB: \"extenstion_library\",\r\n};\r\n\r\n/**\r\n * Constants\r\n */\r\nexport const Constants = {\r\n    MSAL_SKU: \"msal.js.node\",\r\n    JWT_BEARER_ASSERTION_TYPE: \"urn:ietf:params:oauth:client-assertion-type:jwt-bearer\"\r\n};\r\n\r\n/**\r\n * API Codes for Telemetry purposes.\r\n * Before adding a new code you must claim it in the MSAL Telemetry tracker as these number spaces are shared across all MSALs\r\n * 0-99 Silent Flow\r\n * 600-699 Device Code Flow\r\n * 800-899 Auth Code Flow\r\n */\r\nexport enum ApiId {\r\n    acquireTokenSilent = 62,\r\n    acquireTokenByUsernamePassword = 371,\r\n    acquireTokenByDeviceCode = 671,\r\n    acquireTokenByClientCredential = 771,\r\n    acquireTokenByCode = 871,\r\n    acquireTokenByRefreshToken = 872\r\n}\r\n\r\n/**\r\n * JWT  constants\r\n */\r\nexport const JwtConstants = {\r\n    ALGORITHM: \"alg\",\r\n    RSA_256: \"RS256\",\r\n    X5T: \"x5t\", \r\n    X5C: \"x5c\",\r\n    AUDIENCE: \"aud\",\r\n    EXPIRATION_TIME: \"exp\",\r\n    ISSUER: \"iss\",\r\n    SUBJECT: \"sub\",\r\n    NOT_BEFORE: \"nbf\",\r\n    JWT_ID: \"jti\",\r\n};\r\n","/**\n * Copyright (c) 2014-present, Facebook, Inc.\n *\n * This source code is licensed under the MIT license found in the\n * LICENSE file in the root directory of this source tree.\n */\n\nvar runtime = (function (exports) {\n  \"use strict\";\n\n  var Op = Object.prototype;\n  var hasOwn = Op.hasOwnProperty;\n  var undefined; // More compressible than void 0.\n  var $Symbol = typeof Symbol === \"function\" ? Symbol : {};\n  var iteratorSymbol = $Symbol.iterator || \"@@iterator\";\n  var asyncIteratorSymbol = $Symbol.asyncIterator || \"@@asyncIterator\";\n  var toStringTagSymbol = $Symbol.toStringTag || \"@@toStringTag\";\n\n  function define(obj, key, value) {\n    Object.defineProperty(obj, key, {\n      value: value,\n      enumerable: true,\n      configurable: true,\n      writable: true\n    });\n    return obj[key];\n  }\n  try {\n    // IE 8 has a broken Object.defineProperty that only works on DOM objects.\n    define({}, \"\");\n  } catch (err) {\n    define = function(obj, key, value) {\n      return obj[key] = value;\n    };\n  }\n\n  function wrap(innerFn, outerFn, self, tryLocsList) {\n    // If outerFn provided and outerFn.prototype is a Generator, then outerFn.prototype instanceof Generator.\n    var protoGenerator = outerFn && outerFn.prototype instanceof Generator ? outerFn : Generator;\n    var generator = Object.create(protoGenerator.prototype);\n    var context = new Context(tryLocsList || []);\n\n    // The ._invoke method unifies the implementations of the .next,\n    // .throw, and .return methods.\n    generator._invoke = makeInvokeMethod(innerFn, self, context);\n\n    return generator;\n  }\n  exports.wrap = wrap;\n\n  // Try/catch helper to minimize deoptimizations. Returns a completion\n  // record like context.tryEntries[i].completion. This interface could\n  // have been (and was previously) designed to take a closure to be\n  // invoked without arguments, but in all the cases we care about we\n  // already have an existing method we want to call, so there's no need\n  // to create a new function object. We can even get away with assuming\n  // the method takes exactly one argument, since that happens to be true\n  // in every case, so we don't have to touch the arguments object. The\n  // only additional allocation required is the completion record, which\n  // has a stable shape and so hopefully should be cheap to allocate.\n  function tryCatch(fn, obj, arg) {\n    try {\n      return { type: \"normal\", arg: fn.call(obj, arg) };\n    } catch (err) {\n      return { type: \"throw\", arg: err };\n    }\n  }\n\n  var GenStateSuspendedStart = \"suspendedStart\";\n  var GenStateSuspendedYield = \"suspendedYield\";\n  var GenStateExecuting = \"executing\";\n  var GenStateCompleted = \"completed\";\n\n  // Returning this object from the innerFn has the same effect as\n  // breaking out of the dispatch switch statement.\n  var ContinueSentinel = {};\n\n  // Dummy constructor functions that we use as the .constructor and\n  // .constructor.prototype properties for functions that return Generator\n  // objects. For full spec compliance, you may wish to configure your\n  // minifier not to mangle the names of these two functions.\n  function Generator() {}\n  function GeneratorFunction() {}\n  function GeneratorFunctionPrototype() {}\n\n  // This is a polyfill for %IteratorPrototype% for environments that\n  // don't natively support it.\n  var IteratorPrototype = {};\n  IteratorPrototype[iteratorSymbol] = function () {\n    return this;\n  };\n\n  var getProto = Object.getPrototypeOf;\n  var NativeIteratorPrototype = getProto && getProto(getProto(values([])));\n  if (NativeIteratorPrototype &&\n      NativeIteratorPrototype !== Op &&\n      hasOwn.call(NativeIteratorPrototype, iteratorSymbol)) {\n    // This environment has a native %IteratorPrototype%; use it instead\n    // of the polyfill.\n    IteratorPrototype = NativeIteratorPrototype;\n  }\n\n  var Gp = GeneratorFunctionPrototype.prototype =\n    Generator.prototype = Object.create(IteratorPrototype);\n  GeneratorFunction.prototype = Gp.constructor = GeneratorFunctionPrototype;\n  GeneratorFunctionPrototype.constructor = GeneratorFunction;\n  GeneratorFunction.displayName = define(\n    GeneratorFunctionPrototype,\n    toStringTagSymbol,\n    \"GeneratorFunction\"\n  );\n\n  // Helper for defining the .next, .throw, and .return methods of the\n  // Iterator interface in terms of a single ._invoke method.\n  function defineIteratorMethods(prototype) {\n    [\"next\", \"throw\", \"return\"].forEach(function(method) {\n      define(prototype, method, function(arg) {\n        return this._invoke(method, arg);\n      });\n    });\n  }\n\n  exports.isGeneratorFunction = function(genFun) {\n    var ctor = typeof genFun === \"function\" && genFun.constructor;\n    return ctor\n      ? ctor === GeneratorFunction ||\n        // For the native GeneratorFunction constructor, the best we can\n        // do is to check its .name property.\n        (ctor.displayName || ctor.name) === \"GeneratorFunction\"\n      : false;\n  };\n\n  exports.mark = function(genFun) {\n    if (Object.setPrototypeOf) {\n      Object.setPrototypeOf(genFun, GeneratorFunctionPrototype);\n    } else {\n      genFun.__proto__ = GeneratorFunctionPrototype;\n      define(genFun, toStringTagSymbol, \"GeneratorFunction\");\n    }\n    genFun.prototype = Object.create(Gp);\n    return genFun;\n  };\n\n  // Within the body of any async function, `await x` is transformed to\n  // `yield regeneratorRuntime.awrap(x)`, so that the runtime can test\n  // `hasOwn.call(value, \"__await\")` to determine if the yielded value is\n  // meant to be awaited.\n  exports.awrap = function(arg) {\n    return { __await: arg };\n  };\n\n  function AsyncIterator(generator, PromiseImpl) {\n    function invoke(method, arg, resolve, reject) {\n      var record = tryCatch(generator[method], generator, arg);\n      if (record.type === \"throw\") {\n        reject(record.arg);\n      } else {\n        var result = record.arg;\n        var value = result.value;\n        if (value &&\n            typeof value === \"object\" &&\n            hasOwn.call(value, \"__await\")) {\n          return PromiseImpl.resolve(value.__await).then(function(value) {\n            invoke(\"next\", value, resolve, reject);\n          }, function(err) {\n            invoke(\"throw\", err, resolve, reject);\n          });\n        }\n\n        return PromiseImpl.resolve(value).then(function(unwrapped) {\n          // When a yielded Promise is resolved, its final value becomes\n          // the .value of the Promise<{value,done}> result for the\n          // current iteration.\n          result.value = unwrapped;\n          resolve(result);\n        }, function(error) {\n          // If a rejected Promise was yielded, throw the rejection back\n          // into the async generator function so it can be handled there.\n          return invoke(\"throw\", error, resolve, reject);\n        });\n      }\n    }\n\n    var previousPromise;\n\n    function enqueue(method, arg) {\n      function callInvokeWithMethodAndArg() {\n        return new PromiseImpl(function(resolve, reject) {\n          invoke(method, arg, resolve, reject);\n        });\n      }\n\n      return previousPromise =\n        // If enqueue has been called before, then we want to wait until\n        // all previous Promises have been resolved before calling invoke,\n        // so that results are always delivered in the correct order. If\n        // enqueue has not been called before, then it is important to\n        // call invoke immediately, without waiting on a callback to fire,\n        // so that the async generator function has the opportunity to do\n        // any necessary setup in a predictable way. This predictability\n        // is why the Promise constructor synchronously invokes its\n        // executor callback, and why async functions synchronously\n        // execute code before the first await. Since we implement simple\n        // async functions in terms of async generators, it is especially\n        // important to get this right, even though it requires care.\n        previousPromise ? previousPromise.then(\n          callInvokeWithMethodAndArg,\n          // Avoid propagating failures to Promises returned by later\n          // invocations of the iterator.\n          callInvokeWithMethodAndArg\n        ) : callInvokeWithMethodAndArg();\n    }\n\n    // Define the unified helper method that is used to implement .next,\n    // .throw, and .return (see defineIteratorMethods).\n    this._invoke = enqueue;\n  }\n\n  defineIteratorMethods(AsyncIterator.prototype);\n  AsyncIterator.prototype[asyncIteratorSymbol] = function () {\n    return this;\n  };\n  exports.AsyncIterator = AsyncIterator;\n\n  // Note that simple async functions are implemented on top of\n  // AsyncIterator objects; they just return a Promise for the value of\n  // the final result produced by the iterator.\n  exports.async = function(innerFn, outerFn, self, tryLocsList, PromiseImpl) {\n    if (PromiseImpl === void 0) PromiseImpl = Promise;\n\n    var iter = new AsyncIterator(\n      wrap(innerFn, outerFn, self, tryLocsList),\n      PromiseImpl\n    );\n\n    return exports.isGeneratorFunction(outerFn)\n      ? iter // If outerFn is a generator, return the full iterator.\n      : iter.next().then(function(result) {\n          return result.done ? result.value : iter.next();\n        });\n  };\n\n  function makeInvokeMethod(innerFn, self, context) {\n    var state = GenStateSuspendedStart;\n\n    return function invoke(method, arg) {\n      if (state === GenStateExecuting) {\n        throw new Error(\"Generator is already running\");\n      }\n\n      if (state === GenStateCompleted) {\n        if (method === \"throw\") {\n          throw arg;\n        }\n\n        // Be forgiving, per 25.3.3.3.3 of the spec:\n        // https://people.mozilla.org/~jorendorff/es6-draft.html#sec-generatorresume\n        return doneResult();\n      }\n\n      context.method = method;\n      context.arg = arg;\n\n      while (true) {\n        var delegate = context.delegate;\n        if (delegate) {\n          var delegateResult = maybeInvokeDelegate(delegate, context);\n          if (delegateResult) {\n            if (delegateResult === ContinueSentinel) continue;\n            return delegateResult;\n          }\n        }\n\n        if (context.method === \"next\") {\n          // Setting context._sent for legacy support of Babel's\n          // function.sent implementation.\n          context.sent = context._sent = context.arg;\n\n        } else if (context.method === \"throw\") {\n          if (state === GenStateSuspendedStart) {\n            state = GenStateCompleted;\n            throw context.arg;\n          }\n\n          context.dispatchException(context.arg);\n\n        } else if (context.method === \"return\") {\n          context.abrupt(\"return\", context.arg);\n        }\n\n        state = GenStateExecuting;\n\n        var record = tryCatch(innerFn, self, context);\n        if (record.type === \"normal\") {\n          // If an exception is thrown from innerFn, we leave state ===\n          // GenStateExecuting and loop back for another invocation.\n          state = context.done\n            ? GenStateCompleted\n            : GenStateSuspendedYield;\n\n          if (record.arg === ContinueSentinel) {\n            continue;\n          }\n\n          return {\n            value: record.arg,\n            done: context.done\n          };\n\n        } else if (record.type === \"throw\") {\n          state = GenStateCompleted;\n          // Dispatch the exception by looping back around to the\n          // context.dispatchException(context.arg) call above.\n          context.method = \"throw\";\n          context.arg = record.arg;\n        }\n      }\n    };\n  }\n\n  // Call delegate.iterator[context.method](context.arg) and handle the\n  // result, either by returning a { value, done } result from the\n  // delegate iterator, or by modifying context.method and context.arg,\n  // setting context.delegate to null, and returning the ContinueSentinel.\n  function maybeInvokeDelegate(delegate, context) {\n    var method = delegate.iterator[context.method];\n    if (method === undefined) {\n      // A .throw or .return when the delegate iterator has no .throw\n      // method always terminates the yield* loop.\n      context.delegate = null;\n\n      if (context.method === \"throw\") {\n        // Note: [\"return\"] must be used for ES3 parsing compatibility.\n        if (delegate.iterator[\"return\"]) {\n          // If the delegate iterator has a return method, give it a\n          // chance to clean up.\n          context.method = \"return\";\n          context.arg = undefined;\n          maybeInvokeDelegate(delegate, context);\n\n          if (context.method === \"throw\") {\n            // If maybeInvokeDelegate(context) changed context.method from\n            // \"return\" to \"throw\", let that override the TypeError below.\n            return ContinueSentinel;\n          }\n        }\n\n        context.method = \"throw\";\n        context.arg = new TypeError(\n          \"The iterator does not provide a 'throw' method\");\n      }\n\n      return ContinueSentinel;\n    }\n\n    var record = tryCatch(method, delegate.iterator, context.arg);\n\n    if (record.type === \"throw\") {\n      context.method = \"throw\";\n      context.arg = record.arg;\n      context.delegate = null;\n      return ContinueSentinel;\n    }\n\n    var info = record.arg;\n\n    if (! info) {\n      context.method = \"throw\";\n      context.arg = new TypeError(\"iterator result is not an object\");\n      context.delegate = null;\n      return ContinueSentinel;\n    }\n\n    if (info.done) {\n      // Assign the result of the finished delegate to the temporary\n      // variable specified by delegate.resultName (see delegateYield).\n      context[delegate.resultName] = info.value;\n\n      // Resume execution at the desired location (see delegateYield).\n      context.next = delegate.nextLoc;\n\n      // If context.method was \"throw\" but the delegate handled the\n      // exception, let the outer generator proceed normally. If\n      // context.method was \"next\", forget context.arg since it has been\n      // \"consumed\" by the delegate iterator. If context.method was\n      // \"return\", allow the original .return call to continue in the\n      // outer generator.\n      if (context.method !== \"return\") {\n        context.method = \"next\";\n        context.arg = undefined;\n      }\n\n    } else {\n      // Re-yield the result returned by the delegate method.\n      return info;\n    }\n\n    // The delegate iterator is finished, so forget it and continue with\n    // the outer generator.\n    context.delegate = null;\n    return ContinueSentinel;\n  }\n\n  // Define Generator.prototype.{next,throw,return} in terms of the\n  // unified ._invoke helper method.\n  defineIteratorMethods(Gp);\n\n  define(Gp, toStringTagSymbol, \"Generator\");\n\n  // A Generator should always return itself as the iterator object when the\n  // @@iterator function is called on it. Some browsers' implementations of the\n  // iterator prototype chain incorrectly implement this, causing the Generator\n  // object to not be returned from this call. This ensures that doesn't happen.\n  // See https://github.com/facebook/regenerator/issues/274 for more details.\n  Gp[iteratorSymbol] = function() {\n    return this;\n  };\n\n  Gp.toString = function() {\n    return \"[object Generator]\";\n  };\n\n  function pushTryEntry(locs) {\n    var entry = { tryLoc: locs[0] };\n\n    if (1 in locs) {\n      entry.catchLoc = locs[1];\n    }\n\n    if (2 in locs) {\n      entry.finallyLoc = locs[2];\n      entry.afterLoc = locs[3];\n    }\n\n    this.tryEntries.push(entry);\n  }\n\n  function resetTryEntry(entry) {\n    var record = entry.completion || {};\n    record.type = \"normal\";\n    delete record.arg;\n    entry.completion = record;\n  }\n\n  function Context(tryLocsList) {\n    // The root entry object (effectively a try statement without a catch\n    // or a finally block) gives us a place to store values thrown from\n    // locations where there is no enclosing try statement.\n    this.tryEntries = [{ tryLoc: \"root\" }];\n    tryLocsList.forEach(pushTryEntry, this);\n    this.reset(true);\n  }\n\n  exports.keys = function(object) {\n    var keys = [];\n    for (var key in object) {\n      keys.push(key);\n    }\n    keys.reverse();\n\n    // Rather than returning an object with a next method, we keep\n    // things simple and return the next function itself.\n    return function next() {\n      while (keys.length) {\n        var key = keys.pop();\n        if (key in object) {\n          next.value = key;\n          next.done = false;\n          return next;\n        }\n      }\n\n      // To avoid creating an additional object, we just hang the .value\n      // and .done properties off the next function object itself. This\n      // also ensures that the minifier will not anonymize the function.\n      next.done = true;\n      return next;\n    };\n  };\n\n  function values(iterable) {\n    if (iterable) {\n      var iteratorMethod = iterable[iteratorSymbol];\n      if (iteratorMethod) {\n        return iteratorMethod.call(iterable);\n      }\n\n      if (typeof iterable.next === \"function\") {\n        return iterable;\n      }\n\n      if (!isNaN(iterable.length)) {\n        var i = -1, next = function next() {\n          while (++i < iterable.length) {\n            if (hasOwn.call(iterable, i)) {\n              next.value = iterable[i];\n              next.done = false;\n              return next;\n            }\n          }\n\n          next.value = undefined;\n          next.done = true;\n\n          return next;\n        };\n\n        return next.next = next;\n      }\n    }\n\n    // Return an iterator with no values.\n    return { next: doneResult };\n  }\n  exports.values = values;\n\n  function doneResult() {\n    return { value: undefined, done: true };\n  }\n\n  Context.prototype = {\n    constructor: Context,\n\n    reset: function(skipTempReset) {\n      this.prev = 0;\n      this.next = 0;\n      // Resetting context._sent for legacy support of Babel's\n      // function.sent implementation.\n      this.sent = this._sent = undefined;\n      this.done = false;\n      this.delegate = null;\n\n      this.method = \"next\";\n      this.arg = undefined;\n\n      this.tryEntries.forEach(resetTryEntry);\n\n      if (!skipTempReset) {\n        for (var name in this) {\n          // Not sure about the optimal order of these conditions:\n          if (name.charAt(0) === \"t\" &&\n              hasOwn.call(this, name) &&\n              !isNaN(+name.slice(1))) {\n            this[name] = undefined;\n          }\n        }\n      }\n    },\n\n    stop: function() {\n      this.done = true;\n\n      var rootEntry = this.tryEntries[0];\n      var rootRecord = rootEntry.completion;\n      if (rootRecord.type === \"throw\") {\n        throw rootRecord.arg;\n      }\n\n      return this.rval;\n    },\n\n    dispatchException: function(exception) {\n      if (this.done) {\n        throw exception;\n      }\n\n      var context = this;\n      function handle(loc, caught) {\n        record.type = \"throw\";\n        record.arg = exception;\n        context.next = loc;\n\n        if (caught) {\n          // If the dispatched exception was caught by a catch block,\n          // then let that catch block handle the exception normally.\n          context.method = \"next\";\n          context.arg = undefined;\n        }\n\n        return !! caught;\n      }\n\n      for (var i = this.tryEntries.length - 1; i >= 0; --i) {\n        var entry = this.tryEntries[i];\n        var record = entry.completion;\n\n        if (entry.tryLoc === \"root\") {\n          // Exception thrown outside of any try block that could handle\n          // it, so set the completion value of the entire function to\n          // throw the exception.\n          return handle(\"end\");\n        }\n\n        if (entry.tryLoc <= this.prev) {\n          var hasCatch = hasOwn.call(entry, \"catchLoc\");\n          var hasFinally = hasOwn.call(entry, \"finallyLoc\");\n\n          if (hasCatch && hasFinally) {\n            if (this.prev < entry.catchLoc) {\n              return handle(entry.catchLoc, true);\n            } else if (this.prev < entry.finallyLoc) {\n              return handle(entry.finallyLoc);\n            }\n\n          } else if (hasCatch) {\n            if (this.prev < entry.catchLoc) {\n              return handle(entry.catchLoc, true);\n            }\n\n          } else if (hasFinally) {\n            if (this.prev < entry.finallyLoc) {\n              return handle(entry.finallyLoc);\n            }\n\n          } else {\n            throw new Error(\"try statement without catch or finally\");\n          }\n        }\n      }\n    },\n\n    abrupt: function(type, arg) {\n      for (var i = this.tryEntries.length - 1; i >= 0; --i) {\n        var entry = this.tryEntries[i];\n        if (entry.tryLoc <= this.prev &&\n            hasOwn.call(entry, \"finallyLoc\") &&\n            this.prev < entry.finallyLoc) {\n          var finallyEntry = entry;\n          break;\n        }\n      }\n\n      if (finallyEntry &&\n          (type === \"break\" ||\n           type === \"continue\") &&\n          finallyEntry.tryLoc <= arg &&\n          arg <= finallyEntry.finallyLoc) {\n        // Ignore the finally entry if control is not jumping to a\n        // location outside the try/catch block.\n        finallyEntry = null;\n      }\n\n      var record = finallyEntry ? finallyEntry.completion : {};\n      record.type = type;\n      record.arg = arg;\n\n      if (finallyEntry) {\n        this.method = \"next\";\n        this.next = finallyEntry.finallyLoc;\n        return ContinueSentinel;\n      }\n\n      return this.complete(record);\n    },\n\n    complete: function(record, afterLoc) {\n      if (record.type === \"throw\") {\n        throw record.arg;\n      }\n\n      if (record.type === \"break\" ||\n          record.type === \"continue\") {\n        this.next = record.arg;\n      } else if (record.type === \"return\") {\n        this.rval = this.arg = record.arg;\n        this.method = \"return\";\n        this.next = \"end\";\n      } else if (record.type === \"normal\" && afterLoc) {\n        this.next = afterLoc;\n      }\n\n      return ContinueSentinel;\n    },\n\n    finish: function(finallyLoc) {\n      for (var i = this.tryEntries.length - 1; i >= 0; --i) {\n        var entry = this.tryEntries[i];\n        if (entry.finallyLoc === finallyLoc) {\n          this.complete(entry.completion, entry.afterLoc);\n          resetTryEntry(entry);\n          return ContinueSentinel;\n        }\n      }\n    },\n\n    \"catch\": function(tryLoc) {\n      for (var i = this.tryEntries.length - 1; i >= 0; --i) {\n        var entry = this.tryEntries[i];\n        if (entry.tryLoc === tryLoc) {\n          var record = entry.completion;\n          if (record.type === \"throw\") {\n            var thrown = record.arg;\n            resetTryEntry(entry);\n          }\n          return thrown;\n        }\n      }\n\n      // The context.catch method must only be called with a location\n      // argument that corresponds to a known catch block.\n      throw new Error(\"illegal catch attempt\");\n    },\n\n    delegateYield: function(iterable, resultName, nextLoc) {\n      this.delegate = {\n        iterator: values(iterable),\n        resultName: resultName,\n        nextLoc: nextLoc\n      };\n\n      if (this.method === \"next\") {\n        // Deliberately forget the last sent value so that we don't\n        // accidentally pass it on to the delegate.\n        this.arg = undefined;\n      }\n\n      return ContinueSentinel;\n    }\n  };\n\n  // Regardless of whether this script is executing as a CommonJS module\n  // or not, return the runtime object so that we can declare the variable\n  // regeneratorRuntime in the outer scope, which allows this module to be\n  // injected easily by `bin/regenerator --include-runtime script.js`.\n  return exports;\n\n}(\n  // If this script is executing as a CommonJS module, use module.exports\n  // as the regeneratorRuntime namespace. Otherwise create a new empty\n  // object. Either way, the resulting object will be used to initialize\n  // the regeneratorRuntime variable at the top of this file.\n  typeof module === \"object\" ? module.exports : {}\n));\n\ntry {\n  regeneratorRuntime = runtime;\n} catch (accidentalStrictMode) {\n  // This module should not be running in strict mode, so the above\n  // assignment should always work unless something is misconfigured. Just\n  // in case runtime.js accidentally runs in strict mode, we can escape\n  // strict mode using a global Function call. This could conceivably fail\n  // if a Content Security Policy forbids using Function, but in that case\n  // the proper solution is to fix the accidental strict mode problem. If\n  // you've misconfigured your bundler to force strict mode and applied a\n  // CSP to forbid Function, and you're not willing to fix either of those\n  // problems, please detail your unique predicament in a GitHub issue.\n  Function(\"r\", \"regeneratorRuntime = r\")(runtime);\n}\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport {\r\n    INetworkModule,\r\n    NetworkRequestOptions,\r\n    NetworkResponse,\r\n} from \"@azure/msal-common\";\r\nimport { HttpMethod } from \"../utils/Constants\";\r\nimport axios, { AxiosRequestConfig } from \"axios\";\r\n\r\n/**\r\n * This class implements the API for network requests.\r\n */\r\nexport class HttpClient implements INetworkModule {\r\n\r\n    /**\r\n     * Http Get request\r\n     * @param url\r\n     * @param options\r\n     */\r\n    async sendGetRequestAsync<T>(\r\n        url: string,\r\n        options?: NetworkRequestOptions\r\n    ): Promise<NetworkResponse<T>> {\r\n        const request: AxiosRequestConfig = {\r\n            method: HttpMethod.GET,\r\n            url: url,\r\n            headers: options && options.headers,\r\n            validateStatus: () => true\r\n        };\r\n\r\n        const response = await axios(request);\r\n        return {\r\n            headers: response.headers,\r\n            body: response.data as T,\r\n            status: response.status,\r\n        };\r\n    }\r\n\r\n    /**\r\n     * Http Post request\r\n     * @param url\r\n     * @param options\r\n     */\r\n    async sendPostRequestAsync<T>(\r\n        url: string,\r\n        options?: NetworkRequestOptions\r\n    ): Promise<NetworkResponse<T>> {\r\n        const request: AxiosRequestConfig = {\r\n            method: HttpMethod.POST,\r\n            url: url,\r\n            data: (options && options.body) || \"\",\r\n            headers: options && options.headers,\r\n            validateStatus: () => true\r\n        };\r\n\r\n        const response = await axios(request);\r\n        return {\r\n            headers: response.headers,\r\n            body: response.data as T,\r\n            status: response.status,\r\n        };\r\n    }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport {\r\n    LoggerOptions,\r\n    INetworkModule,\r\n    LogLevel,\r\n    ProtocolMode,\r\n    ICachePlugin, Constants\r\n} from \"@azure/msal-common\";\r\nimport { NetworkUtils } from \"../utils/NetworkUtils\";\r\n\r\n/**\r\n * - clientId               - Client id of the application.\r\n * - authority              - Url of the authority. If no value is set, defaults to https://login.microsoftonline.com/common.\r\n * - knownAuthorities       - Needed for Azure B2C and ADFS. All authorities that will be used in the client application. Only the host of the authority should be passed in.\r\n * - clientSecret           - Secret string that the application uses when requesting a token. Only used in confidential client applications. Can be created in the Azure app registration portal.\r\n * - clientAssertion        - Assertion string that the application uses when requesting a token. Only used in confidential client applications. Assertion should be of type urn:ietf:params:oauth:client-assertion-type:jwt-bearer.\r\n * - clientCertificate      - Certificate that the application uses when requesting a token. Only used in confidential client applications. Requires hex encoded X.509 SHA-1 thumbprint of the certificiate, and the PEM encoded private key (string should contain -----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY----- )\r\n * - protocolMode           - Enum that represents the protocol that msal follows. Used for configuring proper endpoints.\r\n * @public\r\n */\r\nexport type NodeAuthOptions = {\r\n    clientId: string;\r\n    authority?: string;\r\n    clientSecret?: string;\r\n    clientAssertion?:string;\r\n    clientCertificate?: {\r\n        thumbprint: string,\r\n        privateKey: string,\r\n        x5c?: string\r\n    };\r\n    knownAuthorities?: Array<string>;\r\n    cloudDiscoveryMetadata?: string;\r\n    authorityMetadata?: string,\r\n    clientCapabilities?: [];\r\n    protocolMode?: ProtocolMode;\r\n};\r\n\r\n/**\r\n * Use this to configure the below cache configuration options:\r\n *\r\n * - cachePlugin   - Plugin for reading and writing token cache to disk.\r\n * @public\r\n */\r\nexport type CacheOptions = {\r\n    cachePlugin?: ICachePlugin;\r\n};\r\n\r\n/**\r\n * Type for configuring logger and http client options\r\n *\r\n * - logger                       - Used to initialize the Logger object; TODO: Expand on logger details or link to the documentation on logger\r\n * - networkClient                - Http client used for all http get and post calls. Defaults to using MSAL's default http client.\r\n * @public\r\n */\r\nexport type NodeSystemOptions = {\r\n    loggerOptions?: LoggerOptions;\r\n    networkClient?: INetworkModule;\r\n};\r\n\r\n/**\r\n * Use the configuration object to configure MSAL and initialize the client application object\r\n *\r\n * - auth: this is where you configure auth elements like clientID, authority used for authenticating against the Microsoft Identity Platform\r\n * - cache: this is where you configure cache location\r\n * - system: this is where you can configure the network client, logger\r\n * @public\r\n */\r\nexport type Configuration = {\r\n    auth: NodeAuthOptions;\r\n    cache?: CacheOptions;\r\n    system?: NodeSystemOptions;\r\n};\r\n\r\nconst DEFAULT_AUTH_OPTIONS: NodeAuthOptions = {\r\n    clientId: \"\",\r\n    authority: Constants.DEFAULT_AUTHORITY,\r\n    clientSecret: \"\",\r\n    clientAssertion: \"\",\r\n    clientCertificate: {\r\n        thumbprint: \"\",\r\n        privateKey: \"\",\r\n        x5c: \"\"\r\n    },\r\n    knownAuthorities: [],\r\n    cloudDiscoveryMetadata: \"\",\r\n    authorityMetadata: \"\",\r\n    clientCapabilities: [],\r\n    protocolMode: ProtocolMode.AAD\r\n};\r\n\r\nconst DEFAULT_CACHE_OPTIONS: CacheOptions = {};\r\n\r\nconst DEFAULT_LOGGER_OPTIONS: LoggerOptions = {\r\n    loggerCallback: (): void => {\r\n        // allow users to not set logger call back\r\n    },\r\n    piiLoggingEnabled: false,\r\n    logLevel: LogLevel.Info,\r\n};\r\n\r\nconst DEFAULT_SYSTEM_OPTIONS: NodeSystemOptions = {\r\n    loggerOptions: DEFAULT_LOGGER_OPTIONS,\r\n    networkClient: NetworkUtils.getNetworkClient(),\r\n};\r\n\r\n/**\r\n * Sets the default options when not explicitly configured from app developer\r\n *\r\n * @param auth - Authentication options\r\n * @param cache - Cache options\r\n * @param system - System options\r\n *\r\n * @returns Configuration\r\n * @public\r\n */\r\nexport function buildAppConfiguration({\r\n    auth,\r\n    cache,\r\n    system,\r\n}: Configuration): Configuration {\r\n    return {\r\n        auth: { ...DEFAULT_AUTH_OPTIONS, ...auth },\r\n        cache: { ...DEFAULT_CACHE_OPTIONS, ...cache },\r\n        system: { ...DEFAULT_SYSTEM_OPTIONS, ...system },\r\n    };\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { INetworkModule } from \"@azure/msal-common\";\r\nimport { HttpClient } from \"../network/HttpClient\";\r\n\r\nexport class NetworkUtils {\r\n    /**\r\n     * Returns best compatible network client object.\r\n     */\r\n    static getNetworkClient(): INetworkModule {\r\n        return new HttpClient();\r\n    }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { v4 as uuidv4 } from \"uuid\";\r\n\r\nexport class GuidGenerator {\r\n    /**\r\n     *\r\n     * RFC4122: The version 4 UUID is meant for generating UUIDs from truly-random or pseudo-random numbers.\r\n     * uuidv4 generates guids from cryprtographically-string random\r\n     */\r\n    static generateGuid(): string {\r\n        return uuidv4();\r\n    }\r\n\r\n    /**\r\n     * verifies if a string is  GUID\r\n     * @param guid\r\n     */\r\n    static isGuid(guid: string) {\r\n        const regexGuid = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;\r\n        return regexGuid.test(guid);\r\n    }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nexport class EncodingUtils {\r\n    /**\r\n     * 'utf8': Multibyte encoded Unicode characters. Many web pages and other document formats use UTF-8.\r\n     * 'base64': Base64 encoding.\r\n     *\r\n     * @param str text\r\n     */\r\n    static base64Encode(str: string, encoding?: BufferEncoding): string {\r\n        return Buffer.from(str, encoding).toString(\"base64\");\r\n    }\r\n\r\n    /**\r\n     * encode a URL\r\n     * @param str\r\n     */\r\n    static base64EncodeUrl(str: string, encoding?: BufferEncoding): string {\r\n        return EncodingUtils.base64Encode(str, encoding)\r\n            .replace(/=/g, \"\")\r\n            .replace(/\\+/g, \"-\")\r\n            .replace(/\\//g, \"_\");\r\n    }\r\n\r\n    /**\r\n     * 'utf8': Multibyte encoded Unicode characters. Many web pages and other document formats use UTF-8.\r\n     * 'base64': Base64 encoding.\r\n     *\r\n     * @param base64Str Base64 encoded text\r\n     */\r\n    static base64Decode(base64Str: string): string {\r\n        return Buffer.from(base64Str, \"base64\").toString(\"utf8\");\r\n    }\r\n\r\n    /**\r\n     * @param base64Str Base64 encoded Url\r\n     */\r\n    static base64DecodeUrl(base64Str: string): string {\r\n        let str = base64Str.replace(/-/g, \"+\").replace(/_/g, \"/\");\r\n        while (str.length % 4) {\r\n            str += \"=\";\r\n        }\r\n        return EncodingUtils.base64Decode(str);\r\n    }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { PkceCodes } from \"@azure/msal-common\";\r\nimport { CharSet, Hash, RANDOM_OCTET_SIZE } from \"../utils/Constants\";\r\nimport { EncodingUtils } from \"../utils/EncodingUtils\";\r\nimport crypto from \"crypto\";\r\n\r\n/**\r\n * https://tools.ietf.org/html/rfc7636#page-8\r\n */\r\nexport class PkceGenerator {\r\n    /**\r\n     * generates the codeVerfier and the challenge from the codeVerfier\r\n     * reference: https://tools.ietf.org/html/rfc7636#section-4.1 and https://tools.ietf.org/html/rfc7636#section-4.2\r\n     */\r\n    async generatePkceCodes(): Promise<PkceCodes> {\r\n        const verifier = this.generateCodeVerifier();\r\n        const challenge = this.generateCodeChallengeFromVerifier(verifier);\r\n        return { verifier, challenge };\r\n    }\r\n\r\n    /**\r\n     * generates the codeVerfier; reference: https://tools.ietf.org/html/rfc7636#section-4.1\r\n     */\r\n    private generateCodeVerifier(): string {\r\n        const buffer: Uint8Array = crypto.randomBytes(RANDOM_OCTET_SIZE);\r\n        const verifier: string = this.bufferToCVString(buffer);\r\n        return EncodingUtils.base64EncodeUrl(verifier);\r\n    }\r\n\r\n    /**\r\n     * generate the challenge from the codeVerfier; reference: https://tools.ietf.org/html/rfc7636#section-4.2\r\n     * @param codeVerifier\r\n     */\r\n    private generateCodeChallengeFromVerifier(codeVerifier: string): string {\r\n        return EncodingUtils.base64EncodeUrl(\r\n            this.sha256(codeVerifier).toString(\"base64\"), \r\n            \"base64\"\r\n        );\r\n    }\r\n\r\n    /**\r\n     * generate 'SHA256' hash\r\n     * @param buffer\r\n     */\r\n    private sha256(buffer: string): Buffer {\r\n        return crypto\r\n            .createHash(Hash.SHA256)\r\n            .update(buffer)\r\n            .digest();\r\n    }\r\n\r\n    /**\r\n     * Accepted characters; reference: https://tools.ietf.org/html/rfc7636#section-4.1\r\n     * @param buffer\r\n     */\r\n    private bufferToCVString(buffer: Uint8Array): string {\r\n        const charArr = [];\r\n        for (let i = 0; i < buffer.byteLength; i += 1) {\r\n            const index = buffer[i] % CharSet.CV_CHARSET.length;\r\n            charArr.push(CharSet.CV_CHARSET[index]);\r\n        }\r\n        return charArr.join(\"\");\r\n    }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { ICrypto, PkceCodes } from \"@azure/msal-common\";\r\nimport { GuidGenerator } from \"./GuidGenerator\";\r\nimport { EncodingUtils } from \"../utils/EncodingUtils\";\r\nimport { PkceGenerator } from \"./PkceGenerator\";\r\n\r\n/**\r\n * This class implements MSAL node's crypto interface, which allows it to perform base64 encoding and decoding, generating cryptographically random GUIDs and\r\n * implementing Proof Key for Code Exchange specs for the OAuth Authorization Code Flow using PKCE (rfc here: https://tools.ietf.org/html/rfc7636).\r\n * @public\r\n */\r\nexport class CryptoProvider implements ICrypto {\r\n    private pkceGenerator: PkceGenerator;\r\n\r\n    constructor() {\r\n        // Browser crypto needs to be validated first before any other classes can be set.\r\n        this.pkceGenerator = new PkceGenerator();\r\n    }\r\n\r\n    /**\r\n     * Creates a new random GUID - used to populate state and nonce.\r\n     * @returns string (GUID)\r\n     */\r\n    createNewGuid(): string {\r\n        return GuidGenerator.generateGuid();\r\n    }\r\n\r\n    /**\r\n     * Encodes input string to base64.\r\n     * @param input - string to be encoded\r\n     */\r\n    base64Encode(input: string): string {\r\n        return EncodingUtils.base64Encode(input);\r\n    }\r\n\r\n    /**\r\n     * Decodes input string from base64.\r\n     * @param input - string to be decoded\r\n     */\r\n    base64Decode(input: string): string {\r\n        return EncodingUtils.base64Decode(input);\r\n    }\r\n\r\n    /**\r\n     * Generates PKCE codes used in Authorization Code Flow.\r\n     */\r\n    generatePkceCodes(): Promise<PkceCodes> {\r\n        return this.pkceGenerator.generatePkceCodes();\r\n    }\r\n\r\n    /**\r\n     * Generates a keypair, stores it and returns a thumbprint - not yet implemented for node\r\n     */\r\n    getPublicKeyThumbprint(): Promise<string> {\r\n        throw new Error(\"Method not implemented.\");\r\n    }\r\n\r\n    /**\r\n     * Signs the given object as a jwt payload with private key retrieved by given kid - currently not implemented for node\r\n     */\r\n    signJwt(): Promise<string> {\r\n        throw new Error(\"Method not implemented.\");\r\n    }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { StringUtils, AccountCache, IdTokenCache, AccessTokenCache, RefreshTokenCache, AppMetadataCache, AccountEntity, IdTokenEntity, AccessTokenEntity, RefreshTokenEntity, AppMetadataEntity, CacheManager } from \"@azure/msal-common\";\r\nimport { JsonCache, InMemoryCache, SerializedAccountEntity, SerializedIdTokenEntity, SerializedAccessTokenEntity, SerializedRefreshTokenEntity, SerializedAppMetadataEntity } from \"./SerializerTypes\";\r\n\r\n/**\r\n * This class deserializes cache entities read from the file into in memory object types defined internally\r\n */\r\nexport class Deserializer {\r\n    /**\r\n     * Parse the JSON blob in memory and deserialize the content\r\n     * @param cachedJson\r\n     */\r\n    static deserializeJSONBlob(jsonFile: string): JsonCache {\r\n        const deserializedCache = StringUtils.isEmpty(jsonFile)\r\n            ? {}\r\n            : JSON.parse(jsonFile);\r\n        return deserializedCache;\r\n    }\r\n\r\n    /**\r\n     * Deserializes accounts to AccountEntity objects\r\n     * @param accounts\r\n     */\r\n    static deserializeAccounts(accounts: Record<string, SerializedAccountEntity>): AccountCache {\r\n        const accountObjects: AccountCache = {};\r\n        if (accounts) {\r\n            Object.keys(accounts).map(function (key) {\r\n                const serializedAcc = accounts[key];\r\n                const mappedAcc = {\r\n                    homeAccountId: serializedAcc.home_account_id,\r\n                    environment: serializedAcc.environment,\r\n                    realm: serializedAcc.realm,\r\n                    localAccountId: serializedAcc.local_account_id,\r\n                    username: serializedAcc.username,\r\n                    authorityType: serializedAcc.authority_type,\r\n                    name: serializedAcc.name,\r\n                    clientInfo: serializedAcc.client_info,\r\n                    lastModificationTime: serializedAcc.last_modification_time,\r\n                    lastModificationApp: serializedAcc.last_modification_app,\r\n                };\r\n                const account: AccountEntity = new AccountEntity();\r\n                CacheManager.toObject(account, mappedAcc);\r\n                accountObjects[key] = account;\r\n            });\r\n        }\r\n\r\n        return accountObjects;\r\n    }\r\n\r\n    /**\r\n     * Deserializes id tokens to IdTokenEntity objects\r\n     * @param idTokens\r\n     */\r\n    static deserializeIdTokens(idTokens: Record<string, SerializedIdTokenEntity>): IdTokenCache {\r\n        const idObjects: IdTokenCache = {};\r\n        if (idTokens) {\r\n            Object.keys(idTokens).map(function (key) {\r\n                const serializedIdT = idTokens[key];\r\n                const mappedIdT = {\r\n                    homeAccountId: serializedIdT.home_account_id,\r\n                    environment: serializedIdT.environment,\r\n                    credentialType: serializedIdT.credential_type,\r\n                    clientId: serializedIdT.client_id,\r\n                    secret: serializedIdT.secret,\r\n                    realm: serializedIdT.realm,\r\n                };\r\n                const idToken: IdTokenEntity = new IdTokenEntity();\r\n                CacheManager.toObject(idToken, mappedIdT);\r\n                idObjects[key] = idToken;\r\n            });\r\n        }\r\n        return idObjects;\r\n    }\r\n\r\n    /**\r\n     * Deserializes access tokens to AccessTokenEntity objects\r\n     * @param accessTokens\r\n     */\r\n    static deserializeAccessTokens(accessTokens: Record<string, SerializedAccessTokenEntity>): AccessTokenCache {\r\n        const atObjects: AccessTokenCache = {};\r\n        if (accessTokens) {\r\n            Object.keys(accessTokens).map(function (key) {\r\n                const serializedAT = accessTokens[key];\r\n                const mappedAT = {\r\n                    homeAccountId: serializedAT.home_account_id,\r\n                    environment: serializedAT.environment,\r\n                    credentialType: serializedAT.credential_type,\r\n                    clientId: serializedAT.client_id,\r\n                    secret: serializedAT.secret,\r\n                    realm: serializedAT.realm,\r\n                    target: serializedAT.target,\r\n                    cachedAt: serializedAT.cached_at,\r\n                    expiresOn: serializedAT.expires_on,\r\n                    extendedExpiresOn: serializedAT.extended_expires_on,\r\n                    refreshOn: serializedAT.refresh_on,\r\n                    keyId: serializedAT.key_id,\r\n                    tokenType: serializedAT.token_type,\r\n                };\r\n                const accessToken: AccessTokenEntity = new AccessTokenEntity();\r\n                CacheManager.toObject(accessToken, mappedAT);\r\n                atObjects[key] = accessToken;\r\n            });\r\n        }\r\n\r\n        return atObjects;\r\n    }\r\n\r\n    /**\r\n     * Deserializes refresh tokens to RefreshTokenEntity objects\r\n     * @param refreshTokens\r\n     */\r\n    static deserializeRefreshTokens(refreshTokens: Record<string, SerializedRefreshTokenEntity>): RefreshTokenCache {\r\n        const rtObjects: RefreshTokenCache = {};\r\n        if (refreshTokens) {\r\n            Object.keys(refreshTokens).map(function (key) {\r\n                const serializedRT = refreshTokens[key];\r\n                const mappedRT = {\r\n                    homeAccountId: serializedRT.home_account_id,\r\n                    environment: serializedRT.environment,\r\n                    credentialType: serializedRT.credential_type,\r\n                    clientId: serializedRT.client_id,\r\n                    secret: serializedRT.secret,\r\n                    familyId: serializedRT.family_id,\r\n                    target: serializedRT.target,\r\n                    realm: serializedRT.realm,\r\n                };\r\n                const refreshToken: RefreshTokenEntity = new RefreshTokenEntity();\r\n                CacheManager.toObject(refreshToken, mappedRT);\r\n                rtObjects[key] = refreshToken;\r\n            });\r\n        }\r\n\r\n        return rtObjects;\r\n    }\r\n\r\n    /**\r\n     * Deserializes appMetadata to AppMetaData objects\r\n     * @param appMetadata\r\n     */\r\n    static deserializeAppMetadata(appMetadata: Record<string, SerializedAppMetadataEntity>): AppMetadataCache {\r\n        const appMetadataObjects: AppMetadataCache = {};\r\n        if (appMetadata) {\r\n            Object.keys(appMetadata).map(function (key) {\r\n                const serializedAmdt = appMetadata[key];\r\n                const mappedAmd = {\r\n                    clientId: serializedAmdt.client_id,\r\n                    environment: serializedAmdt.environment,\r\n                    familyId: serializedAmdt.family_id,\r\n                };\r\n                const amd: AppMetadataEntity = new AppMetadataEntity();\r\n                CacheManager.toObject(amd, mappedAmd);\r\n                appMetadataObjects[key] = amd;\r\n            });\r\n        }\r\n\r\n        return appMetadataObjects;\r\n    }\r\n\r\n    /**\r\n     * Deserialize an inMemory Cache\r\n     * @param jsonCache\r\n     */\r\n    static deserializeAllCache(jsonCache: JsonCache): InMemoryCache {\r\n        return {\r\n            accounts: jsonCache.Account\r\n                ? this.deserializeAccounts(jsonCache.Account)\r\n                : {},\r\n            idTokens: jsonCache.IdToken\r\n                ? this.deserializeIdTokens(jsonCache.IdToken)\r\n                : {},\r\n            accessTokens: jsonCache.AccessToken\r\n                ? this.deserializeAccessTokens(jsonCache.AccessToken)\r\n                : {},\r\n            refreshTokens: jsonCache.RefreshToken\r\n                ? this.deserializeRefreshTokens(jsonCache.RefreshToken)\r\n                : {},\r\n            appMetadata: jsonCache.AppMetadata\r\n                ? this.deserializeAppMetadata(jsonCache.AppMetadata)\r\n                : {},\r\n        };\r\n    }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { AccountCache, IdTokenCache, AccessTokenCache, RefreshTokenCache, AppMetadataCache } from \"@azure/msal-common\";\r\nimport { InMemoryCache, JsonCache, SerializedAccountEntity, SerializedIdTokenEntity, SerializedAccessTokenEntity, SerializedRefreshTokenEntity, SerializedAppMetadataEntity } from \"./SerializerTypes\";\r\n\r\nexport class Serializer {\r\n    /**\r\n     * serialize the JSON blob\r\n     * @param data\r\n     */\r\n    static serializeJSONBlob(data: JsonCache): string {\r\n        return JSON.stringify(data);\r\n    }\r\n\r\n    /**\r\n     * Serialize Accounts\r\n     * @param accCache\r\n     */\r\n    static serializeAccounts(accCache: AccountCache): Record<string, SerializedAccountEntity> {\r\n        const accounts: Record<string, SerializedAccountEntity> = {};\r\n        Object.keys(accCache).map(function (key) {\r\n            const accountEntity = accCache[key];\r\n            accounts[key] = {\r\n                home_account_id: accountEntity.homeAccountId,\r\n                environment: accountEntity.environment,\r\n                realm: accountEntity.realm,\r\n                local_account_id: accountEntity.localAccountId,\r\n                username: accountEntity.username,\r\n                authority_type: accountEntity.authorityType,\r\n                name: accountEntity.name,\r\n                client_info: accountEntity.clientInfo,\r\n                last_modification_time: accountEntity.lastModificationTime,\r\n                last_modification_app: accountEntity.lastModificationApp,\r\n            };\r\n        });\r\n\r\n        return accounts;\r\n    }\r\n\r\n    /**\r\n     * Serialize IdTokens\r\n     * @param idTCache\r\n     */\r\n    static serializeIdTokens(idTCache: IdTokenCache): Record<string, SerializedIdTokenEntity> {\r\n        const idTokens: Record<string, SerializedIdTokenEntity> = {};\r\n        Object.keys(idTCache).map(function (key) {\r\n            const idTEntity = idTCache[key];\r\n            idTokens[key] = {\r\n                home_account_id: idTEntity.homeAccountId,\r\n                environment: idTEntity.environment,\r\n                credential_type: idTEntity.credentialType,\r\n                client_id: idTEntity.clientId,\r\n                secret: idTEntity.secret,\r\n                realm: idTEntity.realm,\r\n            };\r\n        });\r\n\r\n        return idTokens;\r\n    }\r\n\r\n    /**\r\n     * Serializes AccessTokens\r\n     * @param atCache\r\n     */\r\n    static serializeAccessTokens(atCache: AccessTokenCache): Record<string, SerializedAccessTokenEntity> {\r\n        const accessTokens: Record<string, SerializedAccessTokenEntity> = {};\r\n        Object.keys(atCache).map(function (key) {\r\n            const atEntity = atCache[key];\r\n            accessTokens[key] = {\r\n                home_account_id: atEntity.homeAccountId,\r\n                environment: atEntity.environment,\r\n                credential_type: atEntity.credentialType,\r\n                client_id: atEntity.clientId,\r\n                secret: atEntity.secret,\r\n                realm: atEntity.realm,\r\n                target: atEntity.target,\r\n                cached_at: atEntity.cachedAt,\r\n                expires_on: atEntity.expiresOn,\r\n                extended_expires_on: atEntity.extendedExpiresOn,\r\n                refresh_on: atEntity.refreshOn,\r\n                key_id: atEntity.keyId,\r\n                token_type: atEntity.tokenType,\r\n            };\r\n        });\r\n\r\n        return accessTokens;\r\n    }\r\n\r\n    /**\r\n     * Serialize refreshTokens\r\n     * @param rtCache\r\n     */\r\n    static serializeRefreshTokens(rtCache: RefreshTokenCache): Record<string, SerializedRefreshTokenEntity> {\r\n        const refreshTokens: Record<string, SerializedRefreshTokenEntity> = {};\r\n        Object.keys(rtCache).map(function (key) {\r\n            const rtEntity = rtCache[key];\r\n            refreshTokens[key] = {\r\n                home_account_id: rtEntity.homeAccountId,\r\n                environment: rtEntity.environment,\r\n                credential_type: rtEntity.credentialType,\r\n                client_id: rtEntity.clientId,\r\n                secret: rtEntity.secret,\r\n                family_id: rtEntity.familyId,\r\n                target: rtEntity.target,\r\n                realm: rtEntity.realm\r\n            };\r\n        });\r\n\r\n        return refreshTokens;\r\n    }\r\n\r\n    /**\r\n     * Serialize amdtCache\r\n     * @param amdtCache\r\n     */\r\n    static serializeAppMetadata(amdtCache: AppMetadataCache): Record<string, SerializedAppMetadataEntity> {\r\n        const appMetadata: Record<string, SerializedAppMetadataEntity> = {};\r\n        Object.keys(amdtCache).map(function (key) {\r\n            const amdtEntity = amdtCache[key];\r\n            appMetadata[key] = {\r\n                client_id: amdtEntity.clientId,\r\n                environment: amdtEntity.environment,\r\n                family_id: amdtEntity.familyId,\r\n            };\r\n        });\r\n\r\n        return appMetadata;\r\n    }\r\n\r\n    /**\r\n     * Serialize the cache\r\n     * @param jsonContent\r\n     */\r\n    static serializeAllCache(inMemCache: InMemoryCache): JsonCache {\r\n        return {\r\n            Account: this.serializeAccounts(inMemCache.accounts),\r\n            IdToken: this.serializeIdTokens(inMemCache.idTokens),\r\n            AccessToken: this.serializeAccessTokens(inMemCache.accessTokens),\r\n            RefreshToken: this.serializeRefreshTokens(inMemCache.refreshTokens),\r\n            AppMetadata: this.serializeAppMetadata(inMemCache.appMetadata),\r\n        };\r\n    }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport {\r\n    AccountEntity,\r\n    IdTokenEntity,\r\n    AccessTokenEntity,\r\n    RefreshTokenEntity,\r\n    AppMetadataEntity,\r\n    ServerTelemetryEntity,\r\n    ThrottlingEntity,\r\n    CacheManager,\r\n    Logger,\r\n    ValidCacheType,\r\n    ICrypto,\r\n    AuthorityMetadataEntity\r\n} from \"@azure/msal-common\";\r\nimport { Deserializer } from \"./serializer/Deserializer\";\r\nimport { Serializer } from \"./serializer/Serializer\";\r\nimport { InMemoryCache, JsonCache, CacheKVStore } from \"./serializer/SerializerTypes\";\r\n\r\n/**\r\n * This class implements Storage for node, reading cache from user specified storage location or an  extension library\r\n * @public\r\n */\r\nexport class NodeStorage extends CacheManager {\r\n    // Cache configuration, either set by user or default values.\r\n    private logger: Logger;\r\n    private cache: CacheKVStore = {};\r\n    private changeEmitters: Array<Function> = [];\r\n\r\n    constructor(logger: Logger, clientId: string, cryptoImpl: ICrypto) {\r\n        super(clientId, cryptoImpl);\r\n        this.logger = logger;\r\n    }\r\n\r\n    /**\r\n     * Queue up callbacks\r\n     * @param func - a callback function for cache change indication\r\n     */\r\n    registerChangeEmitter(func: () => void): void {\r\n        this.changeEmitters.push(func);\r\n    }\r\n\r\n    /**\r\n     * Invoke the callback when cache changes\r\n     */\r\n    emitChange(): void {\r\n        this.changeEmitters.forEach(func => func.call(null));\r\n    }\r\n\r\n    /**\r\n     * Converts cacheKVStore to InMemoryCache\r\n     * @param cache - key value store\r\n     */\r\n    cacheToInMemoryCache(cache: CacheKVStore): InMemoryCache {\r\n\r\n        const inMemoryCache: InMemoryCache = {\r\n            accounts: {},\r\n            idTokens: {},\r\n            accessTokens: {},\r\n            refreshTokens: {},\r\n            appMetadata: {},\r\n        };\r\n\r\n        for (const key in cache) {\r\n            if (cache[key as string] instanceof AccountEntity) {\r\n                inMemoryCache.accounts[key] = cache[key] as AccountEntity;\r\n            } else if (cache[key] instanceof IdTokenEntity) {\r\n                inMemoryCache.idTokens[key] = cache[key] as IdTokenEntity;\r\n            } else if (cache[key] instanceof AccessTokenEntity) {\r\n                inMemoryCache.accessTokens[key] = cache[key] as AccessTokenEntity;\r\n            } else if (cache[key] instanceof RefreshTokenEntity) {\r\n                inMemoryCache.refreshTokens[key] = cache[key] as RefreshTokenEntity;\r\n            } else if (cache[key] instanceof AppMetadataEntity) {\r\n                inMemoryCache.appMetadata[key] = cache[key] as AppMetadataEntity;\r\n            } else {\r\n                continue;\r\n            }\r\n        }\r\n\r\n        return inMemoryCache;\r\n    }\r\n\r\n    /**\r\n     * converts inMemoryCache to CacheKVStore\r\n     * @param inMemoryCache - kvstore map for inmemory\r\n     */\r\n    inMemoryCacheToCache(inMemoryCache: InMemoryCache): CacheKVStore {\r\n        // convert in memory cache to a flat Key-Value map\r\n        let cache = this.getCache();\r\n\r\n        cache = {\r\n            ...inMemoryCache.accounts,\r\n            ...inMemoryCache.idTokens,\r\n            ...inMemoryCache.accessTokens,\r\n            ...inMemoryCache.refreshTokens,\r\n            ...inMemoryCache.appMetadata\r\n        };\r\n        return cache;\r\n    }\r\n\r\n    /**\r\n     * gets the current in memory cache for the client\r\n     */\r\n    getInMemoryCache(): InMemoryCache {\r\n        this.logger.verbose(\"Getting in-memory cache\");\r\n\r\n        // convert the cache key value store to inMemoryCache\r\n        const inMemoryCache = this.cacheToInMemoryCache(this.getCache());\r\n        return inMemoryCache;\r\n    }\r\n\r\n    /**\r\n     * sets the current in memory cache for the client\r\n     * @param inMemoryCache - key value map in memory\r\n     */\r\n    setInMemoryCache(inMemoryCache: InMemoryCache): void{\r\n        this.logger.verbose(\"Setting in-memory cache\");\r\n\r\n        // convert and append the inMemoryCache to cacheKVStore\r\n        const cache = this.inMemoryCacheToCache(inMemoryCache);\r\n        this.setCache(cache);\r\n\r\n        this.emitChange();\r\n    }\r\n\r\n    /**\r\n     * get the current cache key-value store\r\n     */\r\n    getCache(): CacheKVStore {\r\n        this.logger.verbose(\"Getting cache key-value store\");\r\n        return this.cache;\r\n    }\r\n\r\n    /**\r\n     * sets the current cache (key value store)\r\n     * @param cacheMap - key value map\r\n     */\r\n    setCache(cache: CacheKVStore): void {\r\n        this.logger.verbose(\"Setting cache key value store\");\r\n        this.cache = cache;\r\n\r\n        // mark change in cache\r\n        this.emitChange();\r\n    }\r\n\r\n    /**\r\n     * Gets cache item with given key.\r\n     * @param key - lookup key for the cache entry\r\n     */\r\n    getItem(key: string): ValidCacheType {\r\n        this.logger.verbosePii(`Item key: ${key}`);\r\n\r\n        // read cache\r\n        const cache = this.getCache();\r\n        return cache[key];\r\n    }\r\n\r\n    /**\r\n     * Gets cache item with given key-value\r\n     * @param key - lookup key for the cache entry\r\n     * @param value - value of the cache entry\r\n     */\r\n    setItem(key: string, value: ValidCacheType): void {\r\n        this.logger.verbosePii(`Item key: ${key}`);\r\n\r\n        // read cache\r\n        const cache = this.getCache();\r\n        cache[key] = value;\r\n\r\n        // write to cache\r\n        this.setCache(cache);\r\n    }\r\n\r\n    /**\r\n     * fetch the account entity\r\n     * @param accountKey - lookup key to fetch cache type AccountEntity\r\n     */\r\n    getAccount(accountKey: string): AccountEntity | null {\r\n        const account = this.getItem(accountKey) as AccountEntity;\r\n        if (AccountEntity.isAccountEntity(account)) {\r\n            return account;\r\n        }\r\n        return null;\r\n    }\r\n\r\n    /**\r\n     * set account entity\r\n     * @param account - cache value to be set of type AccountEntity\r\n     */\r\n    setAccount(account: AccountEntity): void {\r\n        const accountKey = account.generateAccountKey();\r\n        this.setItem(accountKey, account);\r\n    }\r\n\r\n    /**\r\n     * fetch the idToken credential\r\n     * @param idTokenKey - lookup key to fetch cache type IdTokenEntity\r\n     */\r\n    getIdTokenCredential(idTokenKey: string): IdTokenEntity | null {\r\n        const idToken = this.getItem(idTokenKey) as IdTokenEntity;\r\n        if (IdTokenEntity.isIdTokenEntity(idToken)) {\r\n            return idToken;\r\n        }\r\n        return null;\r\n    }\r\n\r\n    /**\r\n     * set idToken credential\r\n     * @param idToken - cache value to be set of type IdTokenEntity\r\n     */\r\n    setIdTokenCredential(idToken: IdTokenEntity): void {\r\n        const idTokenKey = idToken.generateCredentialKey();\r\n        this.setItem(idTokenKey, idToken);\r\n    }\r\n\r\n    /**\r\n     * fetch the accessToken credential\r\n     * @param accessTokenKey - lookup key to fetch cache type AccessTokenEntity\r\n     */\r\n    getAccessTokenCredential(accessTokenKey: string): AccessTokenEntity | null {\r\n        const accessToken = this.getItem(accessTokenKey) as AccessTokenEntity;\r\n        if (AccessTokenEntity.isAccessTokenEntity(accessToken)) {\r\n            return accessToken;\r\n        }\r\n        return null;\r\n    }\r\n\r\n    /**\r\n     * set accessToken credential\r\n     * @param accessToken -  cache value to be set of type AccessTokenEntity\r\n     */\r\n    setAccessTokenCredential(accessToken: AccessTokenEntity): void {\r\n        const accessTokenKey = accessToken.generateCredentialKey();\r\n        this.setItem(accessTokenKey, accessToken);\r\n    }\r\n\r\n    /**\r\n     * fetch the refreshToken credential\r\n     * @param refreshTokenKey - lookup key to fetch cache type RefreshTokenEntity\r\n     */\r\n    getRefreshTokenCredential(refreshTokenKey: string): RefreshTokenEntity | null {\r\n        const refreshToken = this.getItem(refreshTokenKey) as RefreshTokenEntity;\r\n        if (RefreshTokenEntity.isRefreshTokenEntity(refreshToken)) {\r\n            return refreshToken as RefreshTokenEntity;\r\n        }\r\n        return null;\r\n    }\r\n\r\n    /**\r\n     * set refreshToken credential\r\n     * @param refreshToken - cache value to be set of type RefreshTokenEntity\r\n     */\r\n    setRefreshTokenCredential(refreshToken: RefreshTokenEntity): void {\r\n        const refreshTokenKey = refreshToken.generateCredentialKey();\r\n        this.setItem(refreshTokenKey, refreshToken);\r\n    }\r\n\r\n    /**\r\n     * fetch appMetadata entity from the platform cache\r\n     * @param appMetadataKey - lookup key to fetch cache type AppMetadataEntity\r\n     */\r\n    getAppMetadata(appMetadataKey: string): AppMetadataEntity | null {\r\n        const appMetadata: AppMetadataEntity = this.getItem(appMetadataKey) as AppMetadataEntity;\r\n        if (AppMetadataEntity.isAppMetadataEntity(appMetadataKey, appMetadata)) {\r\n            return appMetadata;\r\n        }\r\n        return null;\r\n    }\r\n\r\n    /**\r\n     * set appMetadata entity to the platform cache\r\n     * @param appMetadata - cache value to be set of type AppMetadataEntity\r\n     */\r\n    setAppMetadata(appMetadata: AppMetadataEntity): void {\r\n        const appMetadataKey = appMetadata.generateAppMetadataKey();\r\n        this.setItem(appMetadataKey, appMetadata);\r\n    }\r\n\r\n    /**\r\n     * fetch server telemetry entity from the platform cache\r\n     * @param serverTelemetrykey - lookup key to fetch cache type ServerTelemetryEntity\r\n     */\r\n    getServerTelemetry(serverTelemetrykey: string): ServerTelemetryEntity | null {\r\n        const serverTelemetryEntity: ServerTelemetryEntity = this.getItem(serverTelemetrykey) as ServerTelemetryEntity;\r\n        if (serverTelemetryEntity && ServerTelemetryEntity.isServerTelemetryEntity(serverTelemetrykey, serverTelemetryEntity)) {\r\n            return serverTelemetryEntity;\r\n        }\r\n        return null;\r\n    }\r\n\r\n    /**\r\n     * set server telemetry entity to the platform cache\r\n     * @param serverTelemetryKey - lookup key to fetch cache type ServerTelemetryEntity\r\n     * @param serverTelemetry - cache value to be set of type ServerTelemetryEntity\r\n     */\r\n    setServerTelemetry(serverTelemetryKey: string, serverTelemetry: ServerTelemetryEntity): void {\r\n        this.setItem(serverTelemetryKey, serverTelemetry);\r\n    }\r\n\r\n    /**\r\n     * fetch authority metadata entity from the platform cache\r\n     * @param key - lookup key to fetch cache type AuthorityMetadataEntity\r\n     */\r\n    getAuthorityMetadata(key: string): AuthorityMetadataEntity | null {\r\n        const authorityMetadataEntity: AuthorityMetadataEntity = this.getItem(key) as AuthorityMetadataEntity;\r\n        if (authorityMetadataEntity && AuthorityMetadataEntity.isAuthorityMetadataEntity(key, authorityMetadataEntity)) {\r\n            return authorityMetadataEntity;\r\n        }\r\n        return null;\r\n    }\r\n\r\n    /**\r\n     * Get all authority metadata keys\r\n     */\r\n    getAuthorityMetadataKeys(): Array<string> {\r\n        return this.getKeys().filter((key) => {\r\n            return this.isAuthorityMetadata(key);\r\n        });\r\n    }\r\n\r\n    /**\r\n     * set authority metadata entity to the platform cache\r\n     * @param key - lookup key to fetch cache type AuthorityMetadataEntity\r\n     * @param metadata - cache value to be set of type AuthorityMetadataEntity\r\n     */\r\n    setAuthorityMetadata(key: string, metadata: AuthorityMetadataEntity): void {\r\n        this.setItem(key, metadata);\r\n    }\r\n\r\n    /**\r\n     * fetch throttling entity from the platform cache\r\n     * @param throttlingCacheKey - lookup key to fetch cache type ThrottlingEntity\r\n     */\r\n    getThrottlingCache(throttlingCacheKey: string): ThrottlingEntity | null {\r\n        const throttlingCache: ThrottlingEntity = this.getItem(throttlingCacheKey) as ThrottlingEntity;\r\n        if (throttlingCache && ThrottlingEntity.isThrottlingEntity(throttlingCacheKey, throttlingCache)) {\r\n            return throttlingCache;\r\n        }\r\n        return null;\r\n    }\r\n\r\n    /**\r\n     * set throttling entity to the platform cache\r\n     * @param throttlingCacheKey - lookup key to fetch cache type ThrottlingEntity\r\n     * @param throttlingCache - cache value to be set of type ThrottlingEntity\r\n     */\r\n    setThrottlingCache(throttlingCacheKey: string, throttlingCache: ThrottlingEntity): void {\r\n        this.setItem(throttlingCacheKey, throttlingCache);\r\n    }\r\n\r\n    /**\r\n     * Removes the cache item from memory with the given key.\r\n     * @param key - lookup key to remove a cache entity\r\n     * @param inMemory - key value map of the cache\r\n     */\r\n    removeItem(key: string): boolean {\r\n        this.logger.verbosePii(`Item key: ${key}`);\r\n\r\n        // read inMemoryCache\r\n        let result: boolean = false;\r\n        const cache = this.getCache();\r\n\r\n        if (!!cache[key]) {\r\n            delete cache[key];\r\n            result = true;\r\n        }\r\n\r\n        // write to the cache after removal\r\n        if (result) {\r\n            this.setCache(cache);\r\n            this.emitChange();\r\n        }\r\n        return result;\r\n    }\r\n\r\n    /**\r\n     * Checks whether key is in cache.\r\n     * @param key - look up key for a cache entity\r\n     */\r\n    containsKey(key: string): boolean {\r\n        return this.getKeys().includes(key);\r\n    }\r\n\r\n    /**\r\n     * Gets all keys in window.\r\n     */\r\n    getKeys(): string[] {\r\n        this.logger.verbose(\"Retrieving all cache keys\");\r\n\r\n        // read cache\r\n        const cache = this.getCache();\r\n        return [ ...Object.keys(cache)];\r\n    }\r\n\r\n    /**\r\n     * Clears all cache entries created by MSAL (except tokens).\r\n     */\r\n    clear(): void {\r\n        this.logger.verbose(\"Clearing cache entries created by MSAL\");\r\n\r\n        // read inMemoryCache\r\n        const cacheKeys = this.getKeys();\r\n\r\n        // delete each element\r\n        cacheKeys.forEach(key => {\r\n            this.removeItem(key);\r\n        });\r\n        this.emitChange();\r\n    }\r\n\r\n    /**\r\n     * Initialize in memory cache from an exisiting cache vault\r\n     * @param cache - blob formatted cache (JSON)\r\n     */\r\n    static generateInMemoryCache(cache: string): InMemoryCache {\r\n        return Deserializer.deserializeAllCache(\r\n            Deserializer.deserializeJSONBlob(cache)\r\n        );\r\n    }\r\n\r\n    /**\r\n     * retrieves the final JSON\r\n     * @param inMemoryCache - itemised cache read from the JSON\r\n     */\r\n    static generateJsonCache(inMemoryCache: InMemoryCache): JsonCache {\r\n        return Serializer.serializeAllCache(inMemoryCache);\r\n    }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { NodeStorage } from \"./NodeStorage\";\r\nimport { StringUtils, AccountEntity, AccountInfo, Logger, ISerializableTokenCache, ICachePlugin, TokenCacheContext } from \"@azure/msal-common\";\r\nimport { InMemoryCache, JsonCache, SerializedAccountEntity, SerializedAccessTokenEntity, SerializedRefreshTokenEntity, SerializedIdTokenEntity, SerializedAppMetadataEntity, CacheKVStore } from \"./serializer/SerializerTypes\";\r\nimport { Deserializer } from \"./serializer/Deserializer\";\r\nimport { Serializer } from \"./serializer/Serializer\";\r\nimport { ITokenCache } from \"./ITokenCache\";\r\n\r\nconst defaultSerializedCache: JsonCache = {\r\n    Account: {},\r\n    IdToken: {},\r\n    AccessToken: {},\r\n    RefreshToken: {},\r\n    AppMetadata: {},\r\n};\r\n\r\n/**\r\n * In-memory token cache manager\r\n * @public\r\n */\r\nexport class TokenCache implements ISerializableTokenCache, ITokenCache {\r\n\r\n    private storage: NodeStorage;\r\n    private cacheHasChanged: boolean;\r\n    private cacheSnapshot: string;\r\n    private readonly persistence: ICachePlugin;\r\n    private logger: Logger;\r\n\r\n    constructor(storage: NodeStorage, logger: Logger, cachePlugin?: ICachePlugin) {\r\n        this.cacheHasChanged = false;\r\n        this.storage = storage;\r\n        this.storage.registerChangeEmitter(this.handleChangeEvent.bind(this));\r\n        if (cachePlugin) {\r\n            this.persistence = cachePlugin;\r\n        }\r\n        this.logger = logger;\r\n    }\r\n\r\n    /**\r\n     * Set to true if cache state has changed since last time serialize or writeToPersistence was called\r\n     */\r\n    hasChanged(): boolean {\r\n        return this.cacheHasChanged;\r\n    }\r\n\r\n    /**\r\n     * Serializes in memory cache to JSON\r\n     */\r\n    serialize(): string {\r\n        this.logger.verbose(\"Serializing in-memory cache\");\r\n        let finalState = Serializer.serializeAllCache(\r\n            this.storage.getInMemoryCache() as InMemoryCache\r\n        );\r\n\r\n        // if cacheSnapshot not null or empty, merge\r\n        if (!StringUtils.isEmpty(this.cacheSnapshot)) {\r\n            this.logger.verbose(\"Reading cache snapshot from disk\");\r\n            finalState = this.mergeState(\r\n                JSON.parse(this.cacheSnapshot),\r\n                finalState\r\n            );\r\n        } else {\r\n            this.logger.verbose(\"No cache snapshot to merge\");\r\n        }\r\n        this.cacheHasChanged = false;\r\n\r\n        return JSON.stringify(finalState);\r\n    }\r\n\r\n    /**\r\n     * Deserializes JSON to in-memory cache. JSON should be in MSAL cache schema format\r\n     * @param cache - blob formatted cache\r\n     */\r\n    deserialize(cache: string): void {\r\n        this.logger.verbose(\"Deserializing JSON to in-memory cache\");\r\n        this.cacheSnapshot = cache;\r\n\r\n        if (!StringUtils.isEmpty(this.cacheSnapshot)) {\r\n            this.logger.verbose(\"Reading cache snapshot from disk\");\r\n            const deserializedCache = Deserializer.deserializeAllCache(\r\n                this.overlayDefaults(JSON.parse(this.cacheSnapshot))\r\n            );\r\n            this.storage.setInMemoryCache(deserializedCache);\r\n        } else {\r\n            this.logger.verbose(\"No cache snapshot to deserialize\");\r\n        }\r\n    }\r\n\r\n    /**\r\n     * Fetches the cache key-value map\r\n     */\r\n    getKVStore(): CacheKVStore {\r\n        return this.storage.getCache();\r\n    }\r\n\r\n    /**\r\n     * API that retrieves all accounts currently in cache to the user\r\n     */\r\n    async getAllAccounts(): Promise<AccountInfo[]> {\r\n\r\n        this.logger.verbose(\"getAllAccounts called\");\r\n        let cacheContext;\r\n        try {\r\n            if (this.persistence) {\r\n                cacheContext = new TokenCacheContext(this, false);\r\n                await this.persistence.beforeCacheAccess(cacheContext);\r\n            }\r\n            return this.storage.getAllAccounts();\r\n        } finally {\r\n            if (this.persistence && cacheContext) {\r\n                await this.persistence.afterCacheAccess(cacheContext);\r\n            }\r\n        }\r\n    }\r\n\r\n    /**\r\n     * Returns the signed in account matching homeAccountId.\r\n     * (the account object is created at the time of successful login)\r\n     * or null when no matching account is found\r\n     * @param homeAccountId - unique identifier for an account (uid.utid)\r\n     */\r\n    async getAccountByHomeId(homeAccountId: string): Promise<AccountInfo | null> {\r\n        const allAccounts = await this.getAllAccounts();\r\n        if (!StringUtils.isEmpty(homeAccountId) && allAccounts && allAccounts.length) {\r\n            return allAccounts.filter(accountObj => accountObj.homeAccountId === homeAccountId)[0] || null;\r\n        } else {\r\n            return null;\r\n        }\r\n    }\r\n\r\n    /**\r\n     * Returns the signed in account matching localAccountId.\r\n     * (the account object is created at the time of successful login)\r\n     * or null when no matching account is found\r\n     * @param localAccountId - unique identifier of an account (sub/obj when homeAccountId cannot be populated)\r\n     */\r\n    async getAccountByLocalId(localAccountId: string): Promise<AccountInfo | null> {\r\n        const allAccounts = await this.getAllAccounts();\r\n        if (!StringUtils.isEmpty(localAccountId) && allAccounts && allAccounts.length) {\r\n            return allAccounts.filter(accountObj => accountObj.localAccountId === localAccountId)[0] || null;\r\n        } else {\r\n            return null;\r\n        }\r\n    }\r\n\r\n    /**\r\n     * API to remove a specific account and the relevant data from cache\r\n     * @param account - AccountInfo passed by the user\r\n     */\r\n    async removeAccount(account: AccountInfo): Promise<void> {\r\n        this.logger.verbose(\"removeAccount called\");\r\n        let cacheContext;\r\n        try {\r\n            if (this.persistence) {\r\n                cacheContext = new TokenCacheContext(this, true);\r\n                await this.persistence.beforeCacheAccess(cacheContext);\r\n            }\r\n            this.storage.removeAccount(AccountEntity.generateAccountCacheKey(account));\r\n        } finally {\r\n            if (this.persistence && cacheContext) {\r\n                await this.persistence.afterCacheAccess(cacheContext);\r\n            }\r\n        }\r\n    }\r\n\r\n    /**\r\n     * Called when the cache has changed state.\r\n     */\r\n    private handleChangeEvent() {\r\n        this.cacheHasChanged = true;\r\n    }\r\n\r\n    /**\r\n     * Merge in memory cache with the cache snapshot.\r\n     * @param oldState - cache before changes\r\n     * @param currentState - current cache state in the library\r\n     */\r\n    private mergeState(oldState: JsonCache, currentState: JsonCache): JsonCache {\r\n        this.logger.verbose(\"Merging in-memory cache with cache snapshot\");\r\n        const stateAfterRemoval = this.mergeRemovals(oldState, currentState);\r\n        return this.mergeUpdates(stateAfterRemoval, currentState);\r\n    }\r\n\r\n    /**\r\n     * Deep update of oldState based on newState values\r\n     * @param oldState - cache before changes\r\n     * @param newState - updated cache\r\n     */\r\n    private mergeUpdates(oldState: any, newState: any): JsonCache {\r\n        Object.keys(newState).forEach((newKey: string) => {\r\n            const newValue = newState[newKey];\r\n\r\n            // if oldState does not contain value but newValue does, add it\r\n            if (!oldState.hasOwnProperty(newKey)) {\r\n                if (newValue !== null) {\r\n                    oldState[newKey] = newValue;\r\n                }\r\n            } else {\r\n                // both oldState and newState contain the key, do deep update\r\n                const newValueNotNull = newValue !== null;\r\n                const newValueIsObject = typeof newValue === \"object\";\r\n                const newValueIsNotArray = !Array.isArray(newValue);\r\n                const oldStateNotUndefinedOrNull = typeof oldState[newKey] !== \"undefined\" && oldState[newKey] !== null;\r\n\r\n                if (newValueNotNull && newValueIsObject && newValueIsNotArray && oldStateNotUndefinedOrNull) {\r\n                    this.mergeUpdates(oldState[newKey], newValue);\r\n                } else {\r\n                    oldState[newKey] = newValue;\r\n                }\r\n            }\r\n        });\r\n\r\n        return oldState;\r\n    }\r\n\r\n    /**\r\n     * Removes entities in oldState that the were removed from newState. If there are any unknown values in root of\r\n     * oldState that are not recognized, they are left untouched.\r\n     * @param oldState - cache before changes\r\n     * @param newState - updated cache\r\n     */\r\n    private mergeRemovals(oldState: JsonCache, newState: JsonCache): JsonCache {\r\n        this.logger.verbose(\"Remove updated entries in cache\");\r\n        const accounts = oldState.Account ? this.mergeRemovalsDict<SerializedAccountEntity>(oldState.Account, newState.Account) : oldState.Account;\r\n        const accessTokens = oldState.AccessToken ? this.mergeRemovalsDict<SerializedAccessTokenEntity>(oldState.AccessToken, newState.AccessToken) : oldState.AccessToken;\r\n        const refreshTokens = oldState.RefreshToken ? this.mergeRemovalsDict<SerializedRefreshTokenEntity>(oldState.RefreshToken, newState.RefreshToken) : oldState.RefreshToken;\r\n        const idTokens = oldState.IdToken ? this.mergeRemovalsDict<SerializedIdTokenEntity>(oldState.IdToken, newState.IdToken) : oldState.IdToken;\r\n        const appMetadata = oldState.AppMetadata ? this.mergeRemovalsDict<SerializedAppMetadataEntity>(oldState.AppMetadata, newState.AppMetadata) : oldState.AppMetadata;\r\n\r\n        return {\r\n            ...oldState,\r\n            Account: accounts,\r\n            AccessToken: accessTokens,\r\n            RefreshToken: refreshTokens,\r\n            IdToken: idTokens,\r\n            AppMetadata: appMetadata\r\n        };\r\n    }\r\n\r\n    /**\r\n     * Helper to merge new cache with the old one\r\n     * @param oldState - cache before changes\r\n     * @param newState - updated cache\r\n     */\r\n    private mergeRemovalsDict<T>(oldState: Record<string, T>, newState?: Record<string, T>): Record<string, T> {\r\n        const finalState = { ...oldState };\r\n        Object.keys(oldState).forEach((oldKey) => {\r\n            if (!newState || !(newState.hasOwnProperty(oldKey))) {\r\n                delete finalState[oldKey];\r\n            }\r\n        });\r\n        return finalState;\r\n    }\r\n\r\n    /**\r\n     * Helper to overlay as a part of cache merge\r\n     * @param passedInCache - cache read from the blob\r\n     */\r\n    private overlayDefaults(passedInCache: JsonCache): JsonCache {\r\n        this.logger.verbose(\"Overlaying input cache with the default cache\");\r\n        return {\r\n            Account: {\r\n                ...defaultSerializedCache.Account,\r\n                ...passedInCache.Account,\r\n            },\r\n            IdToken: {\r\n                ...defaultSerializedCache.IdToken,\r\n                ...passedInCache.IdToken,\r\n            },\r\n            AccessToken: {\r\n                ...defaultSerializedCache.AccessToken,\r\n                ...passedInCache.AccessToken,\r\n            },\r\n            RefreshToken: {\r\n                ...defaultSerializedCache.RefreshToken,\r\n                ...passedInCache.RefreshToken,\r\n            },\r\n            AppMetadata: {\r\n                ...defaultSerializedCache.AppMetadata,\r\n                ...passedInCache.AppMetadata,\r\n            },\r\n        };\r\n    }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport {\r\n    AuthorizationCodeClient,\r\n    ClientConfiguration,\r\n    RefreshTokenClient,\r\n    AuthenticationResult,\r\n    Authority,\r\n    AuthorityFactory,\r\n    BaseAuthRequest,\r\n    SilentFlowClient,\r\n    Logger,\r\n    ServerTelemetryManager,\r\n    ServerTelemetryRequest,\r\n    CommonSilentFlowRequest,\r\n    CommonRefreshTokenRequest,\r\n    CommonAuthorizationCodeRequest,\r\n    CommonAuthorizationUrlRequest,\r\n    AuthenticationScheme,\r\n    ResponseMode,\r\n    AuthorityOptions,\r\n    OIDC_DEFAULT_SCOPES\r\n} from \"@azure/msal-common\";\r\nimport { Configuration, buildAppConfiguration } from \"../config/Configuration\";\r\nimport { CryptoProvider } from \"../crypto/CryptoProvider\";\r\nimport { NodeStorage } from \"../cache/NodeStorage\";\r\nimport { Constants as NodeConstants, ApiId } from \"../utils/Constants\";\r\nimport { TokenCache } from \"../cache/TokenCache\";\r\nimport { ClientAssertion } from \"./ClientAssertion\";\r\nimport { AuthorizationUrlRequest } from \"../request/AuthorizationUrlRequest\";\r\nimport { AuthorizationCodeRequest } from \"../request/AuthorizationCodeRequest\";\r\nimport { RefreshTokenRequest } from \"../request/RefreshTokenRequest\";\r\nimport { SilentFlowRequest } from \"../request/SilentFlowRequest\";\r\nimport { version, name } from \"../packageMetadata\";\r\n\r\n/**\r\n * Base abstract class for all ClientApplications - public and confidential\r\n * @public\r\n */\r\nexport abstract class ClientApplication {\r\n\r\n    private readonly cryptoProvider: CryptoProvider;\r\n    private tokenCache: TokenCache;\r\n\r\n    /**\r\n     * Platform storage object\r\n     */\r\n    protected storage: NodeStorage;\r\n    /**\r\n     * Logger object to log the application flow\r\n     */\r\n    protected logger: Logger;\r\n    /**\r\n     * Platform configuration initialized by the application\r\n     */\r\n    protected config: Configuration;\r\n    /**\r\n     * Client assertion passed by the user for confidential client flows\r\n     */\r\n    protected clientAssertion: ClientAssertion;\r\n    /**\r\n     * Client secret passed by the user for confidential client flows\r\n     */\r\n    protected clientSecret: string;\r\n\r\n    /**\r\n     * Constructor for the ClientApplication\r\n     */\r\n    protected constructor(configuration: Configuration) {\r\n        this.config = buildAppConfiguration(configuration);\r\n        this.cryptoProvider = new CryptoProvider();\r\n        this.logger = new Logger(this.config.system!.loggerOptions!, name, version);\r\n        this.storage = new NodeStorage(this.logger, this.config.auth.clientId, this.cryptoProvider);\r\n        this.tokenCache = new TokenCache(\r\n            this.storage,\r\n            this.logger,\r\n            this.config.cache!.cachePlugin\r\n        );\r\n    }\r\n\r\n    /**\r\n     * Creates the URL of the authorization request, letting the user input credentials and consent to the\r\n     * application. The URL targets the /authorize endpoint of the authority configured in the\r\n     * application object.\r\n     *\r\n     * Once the user inputs their credentials and consents, the authority will send a response to the redirect URI\r\n     * sent in the request and should contain an authorization code, which can then be used to acquire tokens via\r\n     * `acquireTokenByCode(AuthorizationCodeRequest)`.\r\n     */\r\n    async getAuthCodeUrl(request: AuthorizationUrlRequest): Promise<string> {\r\n        this.logger.info(\"getAuthCodeUrl called\");\r\n        const validRequest: CommonAuthorizationUrlRequest = {\r\n            ...request,\r\n            ...this.initializeBaseRequest(request),\r\n            responseMode: request.responseMode || ResponseMode.QUERY,\r\n            authenticationScheme: AuthenticationScheme.BEARER\r\n        };\r\n        const authClientConfig = await this.buildOauthClientConfiguration(\r\n            validRequest.authority\r\n        );\r\n        this.logger.verbose(\"Auth client config generated\");\r\n        const authorizationCodeClient = new AuthorizationCodeClient(\r\n            authClientConfig\r\n        );\r\n        return authorizationCodeClient.getAuthCodeUrl(validRequest);\r\n    }\r\n\r\n    /**\r\n     * Acquires a token by exchanging the Authorization Code received from the first step of OAuth2.0\r\n     * Authorization Code flow.\r\n     *\r\n     * `getAuthCodeUrl(AuthorizationCodeUrlRequest)` can be used to create the URL for the first step of OAuth2.0\r\n     * Authorization Code flow. Ensure that values for redirectUri and scopes in AuthorizationCodeUrlRequest and\r\n     * AuthorizationCodeRequest are the same.\r\n     */\r\n    async acquireTokenByCode(request: AuthorizationCodeRequest): Promise<AuthenticationResult | null> {\r\n        this.logger.info(\"acquireTokenByCode called\");\r\n        const validRequest: CommonAuthorizationCodeRequest = {\r\n            ...request,\r\n            ...this.initializeBaseRequest(request),\r\n            authenticationScheme: AuthenticationScheme.BEARER\r\n        };\r\n        const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByCode, validRequest.correlationId!);\r\n        try {\r\n            const authClientConfig = await this.buildOauthClientConfiguration(\r\n                validRequest.authority,\r\n                serverTelemetryManager\r\n            );\r\n            this.logger.verbose(\"Auth client config generated\");\r\n            const authorizationCodeClient = new AuthorizationCodeClient(\r\n                authClientConfig\r\n            );\r\n            return authorizationCodeClient.acquireToken(validRequest);\r\n        } catch (e) {\r\n            serverTelemetryManager.cacheFailedRequest(e);\r\n            throw e;\r\n        }\r\n    }\r\n\r\n    /**\r\n     * Acquires a token by exchanging the refresh token provided for a new set of tokens.\r\n     *\r\n     * This API is provided only for scenarios where you would like to migrate from ADAL to MSAL. Otherwise, it is\r\n     * recommended that you use `acquireTokenSilent()` for silent scenarios. When using `acquireTokenSilent()`, MSAL will\r\n     * handle the caching and refreshing of tokens automatically.\r\n     */\r\n    async acquireTokenByRefreshToken(request: RefreshTokenRequest): Promise<AuthenticationResult | null> {\r\n        this.logger.info(\"acquireTokenByRefreshToken called\");\r\n        const validRequest: CommonRefreshTokenRequest = {\r\n            ...request,\r\n            ...this.initializeBaseRequest(request),\r\n            authenticationScheme: AuthenticationScheme.BEARER\r\n        };\r\n\r\n        const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByRefreshToken, validRequest.correlationId);\r\n        try {\r\n            const refreshTokenClientConfig = await this.buildOauthClientConfiguration(\r\n                validRequest.authority,\r\n                serverTelemetryManager\r\n            );\r\n            this.logger.verbose(\"Auth client config generated\");\r\n            const refreshTokenClient = new RefreshTokenClient(\r\n                refreshTokenClientConfig\r\n            );\r\n            return refreshTokenClient.acquireToken(validRequest);\r\n        } catch (e) {\r\n            serverTelemetryManager.cacheFailedRequest(e);\r\n            throw e;\r\n        }\r\n    }\r\n\r\n    /**\r\n     * Acquires a token silently when a user specifies the account the token is requested for.\r\n     *\r\n     * This API expects the user to provide an account object and looks into the cache to retrieve the token if present.\r\n     * There is also an optional \"forceRefresh\" boolean the user can send to bypass the cache for access_token and id_token.\r\n     * In case the refresh_token is expired or not found, an error is thrown\r\n     * and the guidance is for the user to call any interactive token acquisition API (eg: `acquireTokenByCode()`).\r\n     */\r\n    async acquireTokenSilent(request: SilentFlowRequest): Promise<AuthenticationResult | null> {\r\n        const validRequest: CommonSilentFlowRequest = {\r\n            ...request,\r\n            ...this.initializeBaseRequest(request),\r\n            forceRefresh: request.forceRefresh || false\r\n        };\r\n\r\n        const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenSilent, validRequest.correlationId, validRequest.forceRefresh);\r\n        try {\r\n            const silentFlowClientConfig = await this.buildOauthClientConfiguration(\r\n                validRequest.authority,\r\n                serverTelemetryManager\r\n            );\r\n            const silentFlowClient = new SilentFlowClient(\r\n                silentFlowClientConfig\r\n            );\r\n            return silentFlowClient.acquireToken(validRequest);\r\n        } catch (e) {\r\n            serverTelemetryManager.cacheFailedRequest(e);\r\n            throw e;\r\n        }\r\n    }\r\n\r\n    /**\r\n     * Gets the token cache for the application.\r\n     */\r\n    getTokenCache(): TokenCache {\r\n        this.logger.info(\"getTokenCache called\");\r\n        return this.tokenCache;\r\n    }\r\n\r\n    /**\r\n     * Returns the logger instance\r\n     */\r\n    getLogger(): Logger {\r\n        return this.logger;\r\n    }\r\n\r\n    /**\r\n     * Replaces the default logger set in configurations with new Logger with new configurations\r\n     * @param logger - Logger instance\r\n     */\r\n    setLogger(logger: Logger): void {\r\n        this.logger = logger;\r\n    }\r\n\r\n    /**\r\n     * Builds the common configuration to be passed to the common component based on the platform configurarion\r\n     * @param authority - user passed authority in configuration\r\n     * @param serverTelemetryManager - initializes servertelemetry if passed\r\n     */\r\n    protected async buildOauthClientConfiguration(authority: string, serverTelemetryManager?: ServerTelemetryManager): Promise<ClientConfiguration> {\r\n        this.logger.verbose(\"buildOauthClientConfiguration called\");\r\n        // using null assertion operator as we ensure that all config values have default values in buildConfiguration()\r\n\r\n        const discoveredAuthority = await this.createAuthority(authority);\r\n\r\n        return {\r\n            authOptions: {\r\n                clientId: this.config.auth.clientId,\r\n                authority: discoveredAuthority,\r\n                clientCapabilities: this.config.auth.clientCapabilities\r\n            },\r\n            loggerOptions: {\r\n                loggerCallback: this.config.system!.loggerOptions!\r\n                    .loggerCallback,\r\n                piiLoggingEnabled: this.config.system!.loggerOptions!\r\n                    .piiLoggingEnabled,\r\n            },\r\n            cryptoInterface: this.cryptoProvider,\r\n            networkInterface: this.config.system!.networkClient,\r\n            storageInterface: this.storage,\r\n            serverTelemetryManager: serverTelemetryManager,\r\n            clientCredentials: {\r\n                clientSecret: this.clientSecret,\r\n                clientAssertion: this.clientAssertion ? this.getClientAssertion(discoveredAuthority) : undefined,\r\n            },\r\n            libraryInfo: {\r\n                sku: NodeConstants.MSAL_SKU,\r\n                version: version,\r\n                cpu: process.arch || \"\",\r\n                os: process.platform || \"\",\r\n            },\r\n            persistencePlugin: this.config.cache!.cachePlugin,\r\n            serializableCache: this.tokenCache,\r\n        };\r\n    }\r\n\r\n    private getClientAssertion(authority: Authority): { assertion: string, assertionType: string } {\r\n        return {\r\n            assertion: this.clientAssertion.getJwt(this.cryptoProvider, this.config.auth.clientId, authority.tokenEndpoint),\r\n            assertionType: NodeConstants.JWT_BEARER_ASSERTION_TYPE\r\n        };\r\n    }\r\n\r\n    /**\r\n     * Generates a request with the default scopes & generates a correlationId.\r\n     * @param authRequest - BaseAuthRequest for initialization\r\n     */\r\n    protected initializeBaseRequest(authRequest: Partial<BaseAuthRequest>): BaseAuthRequest {\r\n        this.logger.verbose(\"initializeRequestScopes called\");\r\n\r\n        return {\r\n            ...authRequest,\r\n            scopes: [...((authRequest && authRequest.scopes) || []), ...OIDC_DEFAULT_SCOPES],\r\n            correlationId: authRequest && authRequest.correlationId || this.cryptoProvider.createNewGuid(),\r\n            authority: authRequest.authority || this.config.auth.authority!\r\n        };\r\n    }\r\n\r\n    /**\r\n     * Initializes the server telemetry payload\r\n     * @param apiId - Id for a specific request\r\n     * @param correlationId - GUID\r\n     * @param forceRefresh - boolean to indicate network call\r\n     */\r\n    protected initializeServerTelemetryManager(apiId: number, correlationId: string, forceRefresh?: boolean): ServerTelemetryManager {\r\n        const telemetryPayload: ServerTelemetryRequest = {\r\n            clientId: this.config.auth.clientId,\r\n            correlationId: correlationId,\r\n            apiId: apiId,\r\n            forceRefresh: forceRefresh || false\r\n        };\r\n\r\n        return new ServerTelemetryManager(telemetryPayload, this.storage);\r\n    }\r\n\r\n    /**\r\n     * Create authority instance. If authority not passed in request, default to authority set on the application\r\n     * object. If no authority set in application object, then default to common authority.\r\n     * @param authorityString - authority from user configuration\r\n     */\r\n    private async createAuthority(authorityString: string): Promise<Authority> {\r\n        this.logger.verbose(\"createAuthority called\");\r\n        const authorityOptions: AuthorityOptions = {\r\n            protocolMode: this.config.auth.protocolMode!,\r\n            knownAuthorities: this.config.auth.knownAuthorities!,\r\n            cloudDiscoveryMetadata: this.config.auth.cloudDiscoveryMetadata!,\r\n            authorityMetadata: this.config.auth.authorityMetadata!\r\n        };\r\n        return await AuthorityFactory.createDiscoveredInstance(authorityString, this.config.system!.networkClient!, this.storage, authorityOptions);\r\n    }\r\n}\r\n","/* eslint-disable header/header */\nexport const name = \"@azure/msal-node\";\nexport const version = \"1.0.0\";\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { ApiId } from \"../utils/Constants\";\r\nimport {\r\n    DeviceCodeClient,\r\n    AuthenticationResult,\r\n    CommonDeviceCodeRequest,\r\n    CommonUsernamePasswordRequest,\r\n    UsernamePasswordClient\r\n} from \"@azure/msal-common\";\r\nimport { Configuration } from \"../config/Configuration\";\r\nimport { ClientApplication } from \"./ClientApplication\";\r\nimport { IPublicClientApplication } from \"./IPublicClientApplication\";\r\nimport { DeviceCodeRequest } from \"../request/DeviceCodeRequest\";\r\nimport { UsernamePasswordRequest } from \"../request/UsernamePasswordRequest\";\r\n\r\n/**\r\n * This class is to be used to acquire tokens for public client applications (desktop, mobile). Public client applications\r\n * are not trusted to safely store application secrets, and therefore can only request tokens in the name of an user.\r\n * @public\r\n */\r\nexport class PublicClientApplication extends ClientApplication implements IPublicClientApplication {\r\n    /**\r\n     * Important attributes in the Configuration object for auth are:\r\n     * - clientID: the application ID of your application. You can obtain one by registering your application with our Application registration portal.\r\n     * - authority: the authority URL for your application.\r\n     *\r\n     * AAD authorities are of the form https://login.microsoftonline.com/\\{Enter_the_Tenant_Info_Here\\}.\r\n     * - If your application supports Accounts in one organizational directory, replace \"Enter_the_Tenant_Info_Here\" value with the Tenant Id or Tenant name (for example, contoso.microsoft.com).\r\n     * - If your application supports Accounts in any organizational directory, replace \"Enter_the_Tenant_Info_Here\" value with organizations.\r\n     * - If your application supports Accounts in any organizational directory and personal Microsoft accounts, replace \"Enter_the_Tenant_Info_Here\" value with common.\r\n     * - To restrict support to Personal Microsoft accounts only, replace \"Enter_the_Tenant_Info_Here\" value with consumers.\r\n     *\r\n     * Azure B2C authorities are of the form https://\\{instance\\}/\\{tenant\\}/\\{policy\\}. Each policy is considered\r\n     * its own authority. You will have to set the all of the knownAuthorities at the time of the client application\r\n     * construction.\r\n     *\r\n     * ADFS authorities are of the form https://\\{instance\\}/adfs.\r\n     */\r\n    constructor(configuration: Configuration) {\r\n        super(configuration);\r\n    }\r\n\r\n    /**\r\n     * Acquires a token from the authority using OAuth2.0 device code flow.\r\n     * This flow is designed for devices that do not have access to a browser or have input constraints.\r\n     * The authorization server issues a DeviceCode object with a verification code, an end-user code,\r\n     * and the end-user verification URI. The DeviceCode object is provided through a callback, and the end-user should be\r\n     * instructed to use another device to navigate to the verification URI to input credentials.\r\n     * Since the client cannot receive incoming requests, it polls the authorization server repeatedly\r\n     * until the end-user completes input of credentials.\r\n     */\r\n    public async acquireTokenByDeviceCode(request: DeviceCodeRequest): Promise<AuthenticationResult | null> {\r\n        this.logger.info(\"acquireTokenByDeviceCode called\");\r\n        const validRequest: CommonDeviceCodeRequest = {\r\n            ...request,\r\n            ...this.initializeBaseRequest(request)\r\n        };\r\n        const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByDeviceCode, validRequest.correlationId!);\r\n        try {\r\n            const deviceCodeConfig = await this.buildOauthClientConfiguration(\r\n                validRequest.authority,\r\n                serverTelemetryManager\r\n            );\r\n            this.logger.verbose(\"Auth client config generated\");\r\n            const deviceCodeClient = new DeviceCodeClient(deviceCodeConfig);\r\n            return deviceCodeClient.acquireToken(validRequest);\r\n        } catch (e) {\r\n            serverTelemetryManager.cacheFailedRequest(e);\r\n            throw e;\r\n        }\r\n    }\r\n\r\n    /**\r\n     * Acquires tokens with password grant by exchanging client applications username and password for credentials\r\n     *\r\n     * The latest OAuth 2.0 Security Best Current Practice disallows the password grant entirely.\r\n     * More details on this recommendation at https://tools.ietf.org/html/draft-ietf-oauth-security-topics-13#section-3.4\r\n     * Microsoft's documentation and recommendations are at:\r\n     * https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-authentication-flows#usernamepassword\r\n     *\r\n     * @param request - UsenamePasswordRequest\r\n     */\r\n    async acquireTokenByUsernamePassword(request: UsernamePasswordRequest): Promise<AuthenticationResult | null> {\r\n        this.logger.info(\"acquireTokenByUsernamePassword called\");\r\n        const validRequest: CommonUsernamePasswordRequest = {\r\n            ...request,\r\n            ...this.initializeBaseRequest(request)\r\n        };\r\n        const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByUsernamePassword, validRequest.correlationId!);\r\n        try {\r\n            const usernamePasswordClientConfig = await this.buildOauthClientConfiguration(\r\n                validRequest.authority,\r\n                serverTelemetryManager\r\n            );\r\n            this.logger.verbose(\"Auth client config generated\");\r\n            const usernamePasswordClient = new UsernamePasswordClient(usernamePasswordClientConfig);\r\n            return usernamePasswordClient.acquireToken(validRequest);\r\n        } catch (e) {\r\n            serverTelemetryManager.cacheFailedRequest(e);\r\n            throw e;\r\n        }\r\n    }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { sign } from \"jsonwebtoken\";\r\nimport { TimeUtils, ClientAuthError } from \"@azure/msal-common\";\r\nimport { CryptoProvider } from \"../crypto/CryptoProvider\";\r\nimport { EncodingUtils } from \"../utils/EncodingUtils\";\r\nimport { JwtConstants } from \"../utils/Constants\";\r\n\r\n/**\r\n * Client assertion of type jwt-bearer used in confidential client flows\r\n * @public\r\n */\r\nexport class ClientAssertion {\r\n\r\n    private jwt: string;\r\n    private privateKey: string;\r\n    private thumbprint: string;\r\n    private expirationTime: number;\r\n    private issuer: string;\r\n    private jwtAudience: string;\r\n    private publicCertificate: Array<string>;\r\n\r\n    /**\r\n     * Initialize the ClientAssertion class from the clientAssertion passed by the user\r\n     * @param assertion - refer https://tools.ietf.org/html/rfc7521\r\n     */\r\n    public static fromAssertion(assertion: string): ClientAssertion {\r\n        const clientAssertion = new ClientAssertion();\r\n        clientAssertion.jwt = assertion;\r\n        return clientAssertion;\r\n    }\r\n\r\n    /**\r\n     * Initialize the ClientAssertion class from the certificate passed by the user\r\n     * @param thumbprint - identifier of a certificate\r\n     * @param privateKey - secret key\r\n     * @param publicCertificate - electronic document provided to prove the ownership of the public key\r\n     */\r\n    public static fromCertificate(thumbprint: string, privateKey: string, publicCertificate?: string): ClientAssertion {\r\n        const clientAssertion = new ClientAssertion();\r\n        clientAssertion.privateKey = privateKey;\r\n        clientAssertion.thumbprint = thumbprint;\r\n        if (publicCertificate) {\r\n            clientAssertion.publicCertificate = this.parseCertificate(publicCertificate);\r\n        }\r\n        return clientAssertion;\r\n    }\r\n\r\n    /**\r\n     * Update JWT for certificate based clientAssertion, if passed by the user, uses it as is\r\n     * @param cryptoProvider - library's crypto helper\r\n     * @param issuer - iss claim\r\n     * @param jwtAudience - aud claim\r\n     */\r\n    public getJwt(cryptoProvider: CryptoProvider, issuer: string, jwtAudience: string) {\r\n        // if assertion was created from certificate, check if jwt is expired and create new one.\r\n        if (this.privateKey && this.thumbprint) {\r\n\r\n            if (this.jwt && !this.isExpired() && issuer === this.issuer && jwtAudience === this.jwtAudience) {\r\n                return this.jwt;\r\n            }\r\n\r\n            return this.createJwt(cryptoProvider, issuer, jwtAudience);\r\n        }\r\n\r\n        /*\r\n         * if assertion was created by caller, then we just append it. It is up to the caller to\r\n         * ensure that it contains necessary claims and that it is not expired.\r\n         */\r\n        if (this.jwt) {\r\n            return this.jwt;\r\n        }\r\n\r\n        throw ClientAuthError.createInvalidAssertionError();\r\n    }\r\n\r\n    /**\r\n     * JWT format and required claims specified: https://tools.ietf.org/html/rfc7523#section-3\r\n     */\r\n    private createJwt(cryptoProvider: CryptoProvider, issuer: string, jwtAudience: string): string {\r\n\r\n        this.issuer = issuer;\r\n        this.jwtAudience = jwtAudience;\r\n        const issuedAt = TimeUtils.nowSeconds();\r\n        this.expirationTime = issuedAt + 600;\r\n\r\n        const header = {\r\n            [JwtConstants.ALGORITHM]: JwtConstants.RSA_256,\r\n            [JwtConstants.X5T]: EncodingUtils.base64EncodeUrl(this.thumbprint, \"hex\")\r\n        };\r\n\r\n        if (this.publicCertificate) {\r\n            Object.assign(header, {\r\n                [JwtConstants.X5C]: this.publicCertificate\r\n            });\r\n        }\r\n\r\n        const payload = {\r\n            [JwtConstants.AUDIENCE]: this.jwtAudience,\r\n            [JwtConstants.EXPIRATION_TIME]: this.expirationTime,\r\n            [JwtConstants.ISSUER]: this.issuer,\r\n            [JwtConstants.SUBJECT]: this.issuer,\r\n            [JwtConstants.NOT_BEFORE]: issuedAt,\r\n            [JwtConstants.JWT_ID]: cryptoProvider.createNewGuid()\r\n        };\r\n\r\n        this.jwt = sign(payload, this.privateKey, { header: header });\r\n        return this.jwt;\r\n    }\r\n\r\n    /**\r\n     * Utility API to check expiration\r\n     */\r\n    private isExpired(): boolean {\r\n        return this.expirationTime < TimeUtils.nowSeconds();\r\n    }\r\n\r\n    /**\r\n     * Extracts the raw certs from a given certificate string and returns them in an array.\r\n     * @param publicCertificate - electronic document provided to prove the ownership of the public key\r\n     */\r\n    public static parseCertificate(publicCertificate: string): Array<string> {\r\n        /**\r\n         * This is regex to identify the certs in a given certificate string.\r\n         * We want to look for the contents between the BEGIN and END certificate strings, without the associated newlines.\r\n         * The information in parens \"(.+?)\" is the capture group to represent the cert we want isolated.\r\n         * \".\" means any string character, \"+\" means match 1 or more times, and \"?\" means the shortest match.\r\n         * The \"g\" at the end of the regex means search the string globally, and the \"s\" enables the \".\" to match newlines.\r\n         */\r\n        const regexToFindCerts = /-----BEGIN CERTIFICATE-----\\n(.+?)\\n-----END CERTIFICATE-----/gs;\r\n        const certs: string[] = [];\r\n\r\n        let matches;\r\n        while ((matches = regexToFindCerts.exec(publicCertificate)) !== null) {\r\n            // matches[1] represents the first parens capture group in the regex.\r\n            certs.push(matches[1].replace(/\\n/, \"\"));\r\n        }\r\n\r\n        return certs;\r\n    }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { ClientApplication } from \"./ClientApplication\";\r\nimport { Configuration } from \"../config/Configuration\";\r\nimport { ClientAssertion } from \"./ClientAssertion\";\r\nimport { ApiId } from \"../utils/Constants\";\r\nimport {\r\n    ClientCredentialClient,\r\n    OnBehalfOfClient,\r\n    CommonClientCredentialRequest,\r\n    CommonOnBehalfOfRequest,\r\n    AuthenticationResult,\r\n    StringUtils,\r\n    ClientAuthError } from \"@azure/msal-common\";\r\nimport { IConfidentialClientApplication } from \"./IConfidentialClientApplication\";\r\nimport { OnBehalfOfRequest } from \"../request/OnBehalfOfRequest\";\r\nimport { ClientCredentialRequest } from \"../request/ClientCredentialRequest\";\r\n\r\n/**\r\n *  This class is to be used to acquire tokens for confidential client applications (webApp, webAPI). Confidential client applications\r\n *  will configure application secrets, client certificates/assertions as applicable\r\n * @public\r\n */\r\nexport class ConfidentialClientApplication extends ClientApplication implements IConfidentialClientApplication{\r\n\r\n    /**\r\n     * Constructor for the ConfidentialClientApplication\r\n     *\r\n     * Required attributes in the Configuration object are:\r\n     * - clientID: the application ID of your application. You can obtain one by registering your application with our application registration portal\r\n     * - authority: the authority URL for your application.\r\n     * - client credential: Must set either client secret, certificate, or assertion for confidential clients. You can obtain a client secret from the application registration portal.\r\n     *\r\n     * In Azure AD, authority is a URL indicating of the form https://login.microsoftonline.com/\\{Enter_the_Tenant_Info_Here\\}.\r\n     * If your application supports Accounts in one organizational directory, replace \"Enter_the_Tenant_Info_Here\" value with the Tenant Id or Tenant name (for example, contoso.microsoft.com).\r\n     * If your application supports Accounts in any organizational directory, replace \"Enter_the_Tenant_Info_Here\" value with organizations.\r\n     * If your application supports Accounts in any organizational directory and personal Microsoft accounts, replace \"Enter_the_Tenant_Info_Here\" value with common.\r\n     * To restrict support to Personal Microsoft accounts only, replace \"Enter_the_Tenant_Info_Here\" value with consumers.\r\n     *\r\n     * In Azure B2C, authority is of the form https://\\{instance\\}/tfp/\\{tenant\\}/\\{policyName\\}/\r\n     * Full B2C functionality will be available in this library in future versions.\r\n     *\r\n     * @param Configuration - configuration object for the MSAL ConfidentialClientApplication instance\r\n     */\r\n    constructor(configuration: Configuration) {\r\n        super(configuration);\r\n        this.setClientCredential(this.config);\r\n    }\r\n\r\n    /**\r\n     * Acquires tokens from the authority for the application (not for an end user).\r\n     */\r\n    public async acquireTokenByClientCredential(request: ClientCredentialRequest): Promise<AuthenticationResult | null> {\r\n        this.logger.info(\"acquireTokenByClientCredential called\");\r\n        const validRequest: CommonClientCredentialRequest = {\r\n            ...request,\r\n            ...this.initializeBaseRequest(request)\r\n        };\r\n        const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByClientCredential, validRequest.correlationId, validRequest.skipCache);\r\n        try {\r\n            const clientCredentialConfig = await this.buildOauthClientConfiguration(\r\n                validRequest.authority,\r\n                serverTelemetryManager\r\n            );\r\n            this.logger.verbose(\"Auth client config generated\");\r\n            const clientCredentialClient = new ClientCredentialClient(clientCredentialConfig);\r\n            return clientCredentialClient.acquireToken(validRequest);\r\n        } catch(e) {\r\n            serverTelemetryManager.cacheFailedRequest(e);\r\n            throw e;\r\n        }\r\n    }\r\n\r\n    /**\r\n     * Acquires tokens from the authority for the application.\r\n     *\r\n     * Used in scenarios where the current app is a middle-tier service which was called with a token\r\n     * representing an end user. The current app can use the token (oboAssertion) to request another\r\n     * token to access downstream web API, on behalf of that user.\r\n     *\r\n     * The current middle-tier app has no user interaction to obtain consent.\r\n     * See how to gain consent upfront for your middle-tier app from this article.\r\n     * https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow#gaining-consent-for-the-middle-tier-application\r\n     */\r\n    public async acquireTokenOnBehalfOf(request: OnBehalfOfRequest): Promise<AuthenticationResult | null> {\r\n        this.logger.info(\"acquireTokenOnBehalfOf called\");\r\n        const validRequest: CommonOnBehalfOfRequest = {\r\n            ...request,\r\n            ...this.initializeBaseRequest(request)\r\n        };\r\n        const clientCredentialConfig = await this.buildOauthClientConfiguration(\r\n            validRequest.authority\r\n        );\r\n        this.logger.verbose(\"Auth client config generated\");\r\n        const oboClient = new OnBehalfOfClient(clientCredentialConfig);\r\n        return oboClient.acquireToken(validRequest);\r\n    }\r\n\r\n    private setClientCredential(configuration: Configuration): void {\r\n\r\n        const clientSecretNotEmpty = !StringUtils.isEmpty(configuration.auth.clientSecret!);\r\n        const clientAssertionNotEmpty = !StringUtils.isEmpty(configuration.auth.clientAssertion!);\r\n        const certificate = configuration.auth.clientCertificate!;\r\n        const certificateNotEmpty = !StringUtils.isEmpty(certificate.thumbprint) || !StringUtils.isEmpty(certificate.privateKey);\r\n\r\n        // Check that at most one credential is set on the application\r\n        if (\r\n            clientSecretNotEmpty && clientAssertionNotEmpty ||\r\n            clientAssertionNotEmpty && certificateNotEmpty ||\r\n            clientSecretNotEmpty && certificateNotEmpty) {\r\n            throw ClientAuthError.createInvalidCredentialError();\r\n        }\r\n\r\n        if (clientSecretNotEmpty) {\r\n            this.clientSecret = configuration.auth.clientSecret!;\r\n            return;\r\n        }\r\n\r\n        if (clientAssertionNotEmpty) {\r\n            this.clientAssertion = ClientAssertion.fromAssertion(configuration.auth.clientAssertion!);\r\n            return;\r\n        }\r\n\r\n        if (!certificateNotEmpty) {\r\n            throw ClientAuthError.createInvalidCredentialError();\r\n        } else {\r\n            this.clientAssertion = ClientAssertion.fromCertificate(certificate.thumbprint, certificate.privateKey, configuration.auth.clientCertificate?.x5c);\r\n        }\r\n    }\r\n}\r\n"],"names":["HttpMethod","runtime","exports","Op","Object","prototype","hasOwn","hasOwnProperty","$Symbol","Symbol","iteratorSymbol","iterator","asyncIteratorSymbol","asyncIterator","toStringTagSymbol","toStringTag","define","obj","key","value","defineProperty","enumerable","configurable","writable","err","wrap","innerFn","outerFn","self","tryLocsList","generator","create","Generator","context","Context","_invoke","state","method","arg","Error","undefined","done","delegate","delegateResult","maybeInvokeDelegate","ContinueSentinel","sent","_sent","dispatchException","abrupt","record","tryCatch","type","makeInvokeMethod","fn","call","GeneratorFunction","GeneratorFunctionPrototype","IteratorPrototype","this","getProto","getPrototypeOf","NativeIteratorPrototype","values","Gp","defineIteratorMethods","forEach","AsyncIterator","PromiseImpl","previousPromise","callInvokeWithMethodAndArg","resolve","reject","invoke","result","__await","then","unwrapped","error","TypeError","info","resultName","next","nextLoc","pushTryEntry","locs","entry","tryLoc","catchLoc","finallyLoc","afterLoc","tryEntries","push","resetTryEntry","completion","reset","iterable","iteratorMethod","isNaN","length","i","doneResult","constructor","displayName","isGeneratorFunction","genFun","ctor","name","mark","setPrototypeOf","__proto__","awrap","async","Promise","iter","toString","keys","object","reverse","pop","skipTempReset","prev","charAt","slice","stop","rootRecord","rval","exception","handle","loc","caught","hasCatch","hasFinally","finallyEntry","complete","finish","catch","thrown","delegateYield","module","regeneratorRuntime","accidentalStrictMode","Function","ApiId","CharSet","HttpClient","sendGetRequestAsync","url","options","request","GET","headers","validateStatus","axios","response","body","data","status","sendPostRequestAsync","POST","DEFAULT_AUTH_OPTIONS","clientId","authority","Constants","DEFAULT_AUTHORITY","clientSecret","clientAssertion","clientCertificate","thumbprint","privateKey","x5c","knownAuthorities","cloudDiscoveryMetadata","authorityMetadata","clientCapabilities","protocolMode","ProtocolMode","AAD","DEFAULT_CACHE_OPTIONS","DEFAULT_SYSTEM_OPTIONS","loggerOptions","loggerCallback","piiLoggingEnabled","logLevel","LogLevel","Info","networkClient","getNetworkClient","buildAppConfiguration","cache","system","auth","GuidGenerator","generateGuid","uuidv4","isGuid","guid","test","EncodingUtils","base64Encode","str","encoding","Buffer","from","base64EncodeUrl","replace","base64Decode","base64Str","base64DecodeUrl","PkceGenerator","generatePkceCodes","verifier","generateCodeVerifier","challenge","generateCodeChallengeFromVerifier","buffer","crypto","randomBytes","bufferToCVString","codeVerifier","sha256","createHash","update","digest","charArr","byteLength","join","CryptoProvider","pkceGenerator","createNewGuid","input","getPublicKeyThumbprint","signJwt","Deserializer","deserializeJSONBlob","jsonFile","StringUtils","isEmpty","JSON","parse","deserializeAccounts","accounts","accountObjects","map","serializedAcc","mappedAcc","homeAccountId","home_account_id","environment","realm","localAccountId","local_account_id","username","authorityType","authority_type","clientInfo","client_info","lastModificationTime","last_modification_time","lastModificationApp","last_modification_app","account","AccountEntity","CacheManager","toObject","deserializeIdTokens","idTokens","idObjects","serializedIdT","mappedIdT","credentialType","credential_type","client_id","secret","idToken","IdTokenEntity","deserializeAccessTokens","accessTokens","atObjects","serializedAT","mappedAT","target","cachedAt","cached_at","expiresOn","expires_on","extendedExpiresOn","extended_expires_on","refreshOn","refresh_on","keyId","key_id","tokenType","token_type","accessToken","AccessTokenEntity","deserializeRefreshTokens","refreshTokens","rtObjects","serializedRT","mappedRT","familyId","family_id","refreshToken","RefreshTokenEntity","deserializeAppMetadata","appMetadata","appMetadataObjects","serializedAmdt","mappedAmd","amd","AppMetadataEntity","deserializeAllCache","jsonCache","Account","IdToken","AccessToken","RefreshToken","AppMetadata","Serializer","serializeJSONBlob","stringify","serializeAccounts","accCache","accountEntity","serializeIdTokens","idTCache","idTEntity","serializeAccessTokens","atCache","atEntity","serializeRefreshTokens","rtCache","rtEntity","serializeAppMetadata","amdtCache","amdtEntity","serializeAllCache","inMemCache","NodeStorage","logger","cryptoImpl","registerChangeEmitter","func","changeEmitters","emitChange","cacheToInMemoryCache","inMemoryCache","inMemoryCacheToCache","getCache","getInMemoryCache","verbose","setInMemoryCache","setCache","getItem","verbosePii","setItem","getAccount","accountKey","isAccountEntity","setAccount","generateAccountKey","getIdTokenCredential","idTokenKey","isIdTokenEntity","setIdTokenCredential","generateCredentialKey","getAccessTokenCredential","accessTokenKey","isAccessTokenEntity","setAccessTokenCredential","getRefreshTokenCredential","refreshTokenKey","isRefreshTokenEntity","setRefreshTokenCredential","getAppMetadata","appMetadataKey","isAppMetadataEntity","setAppMetadata","generateAppMetadataKey","getServerTelemetry","serverTelemetrykey","serverTelemetryEntity","ServerTelemetryEntity","isServerTelemetryEntity","setServerTelemetry","serverTelemetryKey","serverTelemetry","getAuthorityMetadata","authorityMetadataEntity","AuthorityMetadataEntity","isAuthorityMetadataEntity","getAuthorityMetadataKeys","getKeys","filter","_this2","isAuthorityMetadata","setAuthorityMetadata","metadata","getThrottlingCache","throttlingCacheKey","throttlingCache","ThrottlingEntity","isThrottlingEntity","setThrottlingCache","removeItem","containsKey","includes","clear","_this3","generateInMemoryCache","generateJsonCache","defaultSerializedCache","TokenCache","storage","cachePlugin","cacheHasChanged","handleChangeEvent","bind","persistence","hasChanged","serialize","finalState","cacheSnapshot","mergeState","deserialize","deserializedCache","overlayDefaults","getKVStore","getAllAccounts","cacheContext","TokenCacheContext","beforeCacheAccess","afterCacheAccess","getAccountByHomeId","allAccounts","accountObj","getAccountByLocalId","removeAccount","generateAccountCacheKey","oldState","currentState","stateAfterRemoval","mergeRemovals","mergeUpdates","newState","newKey","newValue","newValueNotNull","newValueIsObject","newValueIsNotArray","Array","isArray","_this","mergeRemovalsDict","oldKey","passedInCache","ClientApplication","configuration","config","cryptoProvider","Logger","tokenCache","getAuthCodeUrl","validRequest","initializeBaseRequest","responseMode","ResponseMode","QUERY","authenticationScheme","AuthenticationScheme","BEARER","buildOauthClientConfiguration","authClientConfig","authorizationCodeClient","AuthorizationCodeClient","acquireTokenByCode","serverTelemetryManager","initializeServerTelemetryManager","correlationId","acquireToken","cacheFailedRequest","acquireTokenByRefreshToken","refreshTokenClientConfig","refreshTokenClient","RefreshTokenClient","acquireTokenSilent","forceRefresh","silentFlowClient","SilentFlowClient","getTokenCache","getLogger","setLogger","createAuthority","authOptions","discoveredAuthority","cryptoInterface","networkInterface","storageInterface","clientCredentials","getClientAssertion","libraryInfo","sku","version","cpu","process","arch","os","platform","persistencePlugin","serializableCache","assertion","getJwt","tokenEndpoint","assertionType","authRequest","scopes","OIDC_DEFAULT_SCOPES","apiId","ServerTelemetryManager","authorityString","authorityOptions","AuthorityFactory","createDiscoveredInstance","PublicClientApplication","_ClientApplication","acquireTokenByDeviceCode","deviceCodeConfig","deviceCodeClient","DeviceCodeClient","acquireTokenByUsernamePassword","usernamePasswordClientConfig","usernamePasswordClient","UsernamePasswordClient","ClientAssertion","fromAssertion","jwt","fromCertificate","publicCertificate","parseCertificate","issuer","jwtAudience","isExpired","createJwt","ClientAuthError","createInvalidAssertionError","issuedAt","TimeUtils","nowSeconds","expirationTime","header","assign","payload","sign","matches","regexToFindCerts","certs","exec","ConfidentialClientApplication","setClientCredential","acquireTokenByClientCredential","skipCache","clientCredentialConfig","clientCredentialClient","ClientCredentialClient","acquireTokenOnBehalfOf","oboClient","OnBehalfOfClient","clientSecretNotEmpty","clientAssertionNotEmpty","certificate","certificateNotEmpty","createInvalidCredentialError","_configuration$auth$c"],"mappings":"q3BAQYA,mBCDZ,IAAIC,EAAW,SAAUC,GAGvB,IAAIC,EAAKC,OAAOC,UACZC,EAASH,EAAGI,eAEZC,EAA4B,mBAAXC,OAAwBA,OAAS,GAClDC,EAAiBF,EAAQG,UAAY,aACrCC,EAAsBJ,EAAQK,eAAiB,kBAC/CC,EAAoBN,EAAQO,aAAe,gBAE/C,SAASC,EAAOC,EAAKC,EAAKC,GAOxB,OANAf,OAAOgB,eAAeH,EAAKC,EAAK,CAC9BC,MAAOA,EACPE,YAAY,EACZC,cAAc,EACdC,UAAU,IAELN,EAAIC,GAEb,IAEEF,EAAO,GAAI,IACX,MAAOQ,GACPR,EAAS,SAASC,EAAKC,EAAKC,GAC1B,OAAOF,EAAIC,GAAOC,GAItB,SAASM,EAAKC,EAASC,EAASC,EAAMC,GAEpC,IACIC,EAAY1B,OAAO2B,QADFJ,GAAWA,EAAQtB,qBAAqB2B,EAAYL,EAAUK,GACtC3B,WACzC4B,EAAU,IAAIC,EAAQL,GAAe,IAMzC,OAFAC,EAAUK,QAsMZ,SAA0BT,EAASE,EAAMK,GACvC,IAAIG,EA/KuB,iBAiL3B,OAAO,SAAgBC,EAAQC,GAC7B,GAhLoB,cAgLhBF,EACF,MAAM,IAAIG,MAAM,gCAGlB,GAnLoB,cAmLhBH,EAA6B,CAC/B,GAAe,UAAXC,EACF,MAAMC,EAKR,MAoQG,CAAEnB,WAzfPqB,EAyfyBC,MAAM,GA9P/B,IAHAR,EAAQI,OAASA,EACjBJ,EAAQK,IAAMA,IAED,CACX,IAAII,EAAWT,EAAQS,SACvB,GAAIA,EAAU,CACZ,IAAIC,EAAiBC,EAAoBF,EAAUT,GACnD,GAAIU,EAAgB,CAClB,GAAIA,IAAmBE,EAAkB,SACzC,OAAOF,GAIX,GAAuB,SAAnBV,EAAQI,OAGVJ,EAAQa,KAAOb,EAAQc,MAAQd,EAAQK,SAElC,GAAuB,UAAnBL,EAAQI,OAAoB,CACrC,GAnNqB,mBAmNjBD,EAEF,MADAA,EAjNc,YAkNRH,EAAQK,IAGhBL,EAAQe,kBAAkBf,EAAQK,SAEN,WAAnBL,EAAQI,QACjBJ,EAAQgB,OAAO,SAAUhB,EAAQK,KAGnCF,EA5NkB,YA8NlB,IAAIc,EAASC,EAASzB,EAASE,EAAMK,GACrC,GAAoB,WAAhBiB,EAAOE,KAAmB,CAO5B,GAJAhB,EAAQH,EAAQQ,KAjOA,YAFK,iBAuOjBS,EAAOZ,MAAQO,EACjB,SAGF,MAAO,CACL1B,MAAO+B,EAAOZ,IACdG,KAAMR,EAAQQ,MAGS,UAAhBS,EAAOE,OAChBhB,EA/OgB,YAkPhBH,EAAQI,OAAS,QACjBJ,EAAQK,IAAMY,EAAOZ,OA9QPe,CAAiB3B,EAASE,EAAMK,GAE7CH,EAcT,SAASqB,EAASG,EAAIrC,EAAKqB,GACzB,IACE,MAAO,CAAEc,KAAM,SAAUd,IAAKgB,EAAGC,KAAKtC,EAAKqB,IAC3C,MAAOd,GACP,MAAO,CAAE4B,KAAM,QAASd,IAAKd,IAhBjCtB,EAAQuB,KAAOA,EAoBf,IAOIoB,EAAmB,GAMvB,SAASb,KACT,SAASwB,KACT,SAASC,KAIT,IAAIC,EAAoB,GACxBA,EAAkBhD,GAAkB,WAClC,OAAOiD,MAGT,IAAIC,EAAWxD,OAAOyD,eAClBC,EAA0BF,GAAYA,EAASA,EAASG,EAAO,MAC/DD,GACAA,IAA4B3D,GAC5BG,EAAOiD,KAAKO,EAAyBpD,KAGvCgD,EAAoBI,GAGtB,IAAIE,EAAKP,EAA2BpD,UAClC2B,EAAU3B,UAAYD,OAAO2B,OAAO2B,GAWtC,SAASO,EAAsB5D,GAC7B,CAAC,OAAQ,QAAS,UAAU6D,SAAQ,SAAS7B,GAC3CrB,EAAOX,EAAWgC,GAAQ,SAASC,GACjC,OAAOqB,KAAKxB,QAAQE,EAAQC,SAkClC,SAAS6B,EAAcrC,EAAWsC,GAgChC,IAAIC,EAgCJV,KAAKxB,QA9BL,SAAiBE,EAAQC,GACvB,SAASgC,IACP,OAAO,IAAIF,GAAY,SAASG,EAASC,IAnC7C,SAASC,EAAOpC,EAAQC,EAAKiC,EAASC,GACpC,IAAItB,EAASC,EAASrB,EAAUO,GAASP,EAAWQ,GACpD,GAAoB,UAAhBY,EAAOE,KAEJ,CACL,IAAIsB,EAASxB,EAAOZ,IAChBnB,EAAQuD,EAAOvD,MACnB,OAAIA,GACiB,iBAAVA,GACPb,EAAOiD,KAAKpC,EAAO,WACdiD,EAAYG,QAAQpD,EAAMwD,SAASC,MAAK,SAASzD,GACtDsD,EAAO,OAAQtD,EAAOoD,EAASC,MAC9B,SAAShD,GACViD,EAAO,QAASjD,EAAK+C,EAASC,MAI3BJ,EAAYG,QAAQpD,GAAOyD,MAAK,SAASC,GAI9CH,EAAOvD,MAAQ0D,EACfN,EAAQG,MACP,SAASI,GAGV,OAAOL,EAAO,QAASK,EAAOP,EAASC,MAvBzCA,EAAOtB,EAAOZ,KAiCZmC,CAAOpC,EAAQC,EAAKiC,EAASC,MAIjC,OAAOH,EAaLA,EAAkBA,EAAgBO,KAChCN,EAGAA,GACEA,KAkHV,SAAS1B,EAAoBF,EAAUT,GACrC,IAAII,EAASK,EAAS/B,SAASsB,EAAQI,QACvC,QA1TEG,IA0TEH,EAAsB,CAKxB,GAFAJ,EAAQS,SAAW,KAEI,UAAnBT,EAAQI,OAAoB,CAE9B,GAAIK,EAAS/B,SAAiB,SAG5BsB,EAAQI,OAAS,SACjBJ,EAAQK,SArUZE,EAsUII,EAAoBF,EAAUT,GAEP,UAAnBA,EAAQI,QAGV,OAAOQ,EAIXZ,EAAQI,OAAS,QACjBJ,EAAQK,IAAM,IAAIyC,UAChB,kDAGJ,OAAOlC,EAGT,IAAIK,EAASC,EAASd,EAAQK,EAAS/B,SAAUsB,EAAQK,KAEzD,GAAoB,UAAhBY,EAAOE,KAIT,OAHAnB,EAAQI,OAAS,QACjBJ,EAAQK,IAAMY,EAAOZ,IACrBL,EAAQS,SAAW,KACZG,EAGT,IAAImC,EAAO9B,EAAOZ,IAElB,OAAM0C,EAOFA,EAAKvC,MAGPR,EAAQS,EAASuC,YAAcD,EAAK7D,MAGpCc,EAAQiD,KAAOxC,EAASyC,QAQD,WAAnBlD,EAAQI,SACVJ,EAAQI,OAAS,OACjBJ,EAAQK,SAzXVE,GAmYFP,EAAQS,SAAW,KACZG,GANEmC,GA3BP/C,EAAQI,OAAS,QACjBJ,EAAQK,IAAM,IAAIyC,UAAU,oCAC5B9C,EAAQS,SAAW,KACZG,GAoDX,SAASuC,EAAaC,GACpB,IAAIC,EAAQ,CAAEC,OAAQF,EAAK,IAEvB,KAAKA,IACPC,EAAME,SAAWH,EAAK,IAGpB,KAAKA,IACPC,EAAMG,WAAaJ,EAAK,GACxBC,EAAMI,SAAWL,EAAK,IAGxB1B,KAAKgC,WAAWC,KAAKN,GAGvB,SAASO,EAAcP,GACrB,IAAIpC,EAASoC,EAAMQ,YAAc,GACjC5C,EAAOE,KAAO,gBACPF,EAAOZ,IACdgD,EAAMQ,WAAa5C,EAGrB,SAAShB,EAAQL,GAIf8B,KAAKgC,WAAa,CAAC,CAAEJ,OAAQ,SAC7B1D,EAAYqC,QAAQkB,EAAczB,MAClCA,KAAKoC,OAAM,GA8Bb,SAAShC,EAAOiC,GACd,GAAIA,EAAU,CACZ,IAAIC,EAAiBD,EAAStF,GAC9B,GAAIuF,EACF,OAAOA,EAAe1C,KAAKyC,GAG7B,GAA6B,mBAAlBA,EAASd,KAClB,OAAOc,EAGT,IAAKE,MAAMF,EAASG,QAAS,CAC3B,IAAIC,GAAK,EAAGlB,EAAO,SAASA,IAC1B,OAASkB,EAAIJ,EAASG,QACpB,GAAI7F,EAAOiD,KAAKyC,EAAUI,GAGxB,OAFAlB,EAAK/D,MAAQ6E,EAASI,GACtBlB,EAAKzC,MAAO,EACLyC,EAOX,OAHAA,EAAK/D,WAzeTqB,EA0eI0C,EAAKzC,MAAO,EAELyC,GAGT,OAAOA,EAAKA,KAAOA,GAKvB,MAAO,CAAEA,KAAMmB,GAIjB,SAASA,IACP,MAAO,CAAElF,WAzfPqB,EAyfyBC,MAAM,GA+MnC,OA5mBAe,EAAkBnD,UAAY2D,EAAGsC,YAAc7C,EAC/CA,EAA2B6C,YAAc9C,EACzCA,EAAkB+C,YAAcvF,EAC9ByC,EACA3C,EACA,qBAaFZ,EAAQsG,oBAAsB,SAASC,GACrC,IAAIC,EAAyB,mBAAXD,GAAyBA,EAAOH,YAClD,QAAOI,IACHA,IAASlD,GAG2B,uBAAnCkD,EAAKH,aAAeG,EAAKC,QAIhCzG,EAAQ0G,KAAO,SAASH,GAQtB,OAPIrG,OAAOyG,eACTzG,OAAOyG,eAAeJ,EAAQhD,IAE9BgD,EAAOK,UAAYrD,EACnBzC,EAAOyF,EAAQ3F,EAAmB,sBAEpC2F,EAAOpG,UAAYD,OAAO2B,OAAOiC,GAC1ByC,GAOTvG,EAAQ6G,MAAQ,SAASzE,GACvB,MAAO,CAAEqC,QAASrC,IAsEpB2B,EAAsBE,EAAc9D,WACpC8D,EAAc9D,UAAUO,GAAuB,WAC7C,OAAO+C,MAETzD,EAAQiE,cAAgBA,EAKxBjE,EAAQ8G,MAAQ,SAAStF,EAASC,EAASC,EAAMC,EAAauC,QACxC,IAAhBA,IAAwBA,EAAc6C,SAE1C,IAAIC,EAAO,IAAI/C,EACb1C,EAAKC,EAASC,EAASC,EAAMC,GAC7BuC,GAGF,OAAOlE,EAAQsG,oBAAoB7E,GAC/BuF,EACAA,EAAKhC,OAAON,MAAK,SAASF,GACxB,OAAOA,EAAOjC,KAAOiC,EAAOvD,MAAQ+F,EAAKhC,WAuKjDjB,EAAsBD,GAEtBhD,EAAOgD,EAAIlD,EAAmB,aAO9BkD,EAAGtD,GAAkB,WACnB,OAAOiD,MAGTK,EAAGmD,SAAW,WACZ,MAAO,sBAkCTjH,EAAQkH,KAAO,SAASC,GACtB,IAAID,EAAO,GACX,IAAK,IAAIlG,KAAOmG,EACdD,EAAKxB,KAAK1E,GAMZ,OAJAkG,EAAKE,UAIE,SAASpC,IACd,KAAOkC,EAAKjB,QAAQ,CAClB,IAAIjF,EAAMkG,EAAKG,MACf,GAAIrG,KAAOmG,EAGT,OAFAnC,EAAK/D,MAAQD,EACbgE,EAAKzC,MAAO,EACLyC,EAQX,OADAA,EAAKzC,MAAO,EACLyC,IAsCXhF,EAAQ6D,OAASA,EAMjB7B,EAAQ7B,UAAY,CAClBiG,YAAapE,EAEb6D,MAAO,SAASyB,GAcd,GAbA7D,KAAK8D,KAAO,EACZ9D,KAAKuB,KAAO,EAGZvB,KAAKb,KAAOa,KAAKZ,WApgBjBP,EAqgBAmB,KAAKlB,MAAO,EACZkB,KAAKjB,SAAW,KAEhBiB,KAAKtB,OAAS,OACdsB,KAAKrB,SAzgBLE,EA2gBAmB,KAAKgC,WAAWzB,QAAQ2B,IAEnB2B,EACH,IAAK,IAAIb,KAAQhD,KAEQ,MAAnBgD,EAAKe,OAAO,IACZpH,EAAOiD,KAAKI,KAAMgD,KACjBT,OAAOS,EAAKgB,MAAM,MACrBhE,KAAKgD,QAnhBXnE,IAyhBFoF,KAAM,WACJjE,KAAKlB,MAAO,EAEZ,IACIoF,EADYlE,KAAKgC,WAAW,GACLG,WAC3B,GAAwB,UAApB+B,EAAWzE,KACb,MAAMyE,EAAWvF,IAGnB,OAAOqB,KAAKmE,MAGd9E,kBAAmB,SAAS+E,GAC1B,GAAIpE,KAAKlB,KACP,MAAMsF,EAGR,IAAI9F,EAAU0B,KACd,SAASqE,EAAOC,EAAKC,GAYnB,OAXAhF,EAAOE,KAAO,QACdF,EAAOZ,IAAMyF,EACb9F,EAAQiD,KAAO+C,EAEXC,IAGFjG,EAAQI,OAAS,OACjBJ,EAAQK,SApjBZE,KAujBY0F,EAGZ,IAAK,IAAI9B,EAAIzC,KAAKgC,WAAWQ,OAAS,EAAGC,GAAK,IAAKA,EAAG,CACpD,IAAId,EAAQ3B,KAAKgC,WAAWS,GACxBlD,EAASoC,EAAMQ,WAEnB,GAAqB,SAAjBR,EAAMC,OAIR,OAAOyC,EAAO,OAGhB,GAAI1C,EAAMC,QAAU5B,KAAK8D,KAAM,CAC7B,IAAIU,EAAW7H,EAAOiD,KAAK+B,EAAO,YAC9B8C,EAAa9H,EAAOiD,KAAK+B,EAAO,cAEpC,GAAI6C,GAAYC,EAAY,CAC1B,GAAIzE,KAAK8D,KAAOnC,EAAME,SACpB,OAAOwC,EAAO1C,EAAME,UAAU,GACzB,GAAI7B,KAAK8D,KAAOnC,EAAMG,WAC3B,OAAOuC,EAAO1C,EAAMG,iBAGjB,GAAI0C,GACT,GAAIxE,KAAK8D,KAAOnC,EAAME,SACpB,OAAOwC,EAAO1C,EAAME,UAAU,OAG3B,CAAA,IAAI4C,EAMT,MAAM,IAAI7F,MAAM,0CALhB,GAAIoB,KAAK8D,KAAOnC,EAAMG,WACpB,OAAOuC,EAAO1C,EAAMG,gBAU9BxC,OAAQ,SAASG,EAAMd,GACrB,IAAK,IAAI8D,EAAIzC,KAAKgC,WAAWQ,OAAS,EAAGC,GAAK,IAAKA,EAAG,CACpD,IAAId,EAAQ3B,KAAKgC,WAAWS,GAC5B,GAAId,EAAMC,QAAU5B,KAAK8D,MACrBnH,EAAOiD,KAAK+B,EAAO,eACnB3B,KAAK8D,KAAOnC,EAAMG,WAAY,CAChC,IAAI4C,EAAe/C,EACnB,OAIA+C,IACU,UAATjF,GACS,aAATA,IACDiF,EAAa9C,QAAUjD,GACvBA,GAAO+F,EAAa5C,aAGtB4C,EAAe,MAGjB,IAAInF,EAASmF,EAAeA,EAAavC,WAAa,GAItD,OAHA5C,EAAOE,KAAOA,EACdF,EAAOZ,IAAMA,EAET+F,GACF1E,KAAKtB,OAAS,OACdsB,KAAKuB,KAAOmD,EAAa5C,WAClB5C,GAGFc,KAAK2E,SAASpF,IAGvBoF,SAAU,SAASpF,EAAQwC,GACzB,GAAoB,UAAhBxC,EAAOE,KACT,MAAMF,EAAOZ,IAcf,MAXoB,UAAhBY,EAAOE,MACS,aAAhBF,EAAOE,KACTO,KAAKuB,KAAOhC,EAAOZ,IACM,WAAhBY,EAAOE,MAChBO,KAAKmE,KAAOnE,KAAKrB,IAAMY,EAAOZ,IAC9BqB,KAAKtB,OAAS,SACdsB,KAAKuB,KAAO,OACa,WAAhBhC,EAAOE,MAAqBsC,IACrC/B,KAAKuB,KAAOQ,GAGP7C,GAGT0F,OAAQ,SAAS9C,GACf,IAAK,IAAIW,EAAIzC,KAAKgC,WAAWQ,OAAS,EAAGC,GAAK,IAAKA,EAAG,CACpD,IAAId,EAAQ3B,KAAKgC,WAAWS,GAC5B,GAAId,EAAMG,aAAeA,EAGvB,OAFA9B,KAAK2E,SAAShD,EAAMQ,WAAYR,EAAMI,UACtCG,EAAcP,GACPzC,IAKb2F,MAAS,SAASjD,GAChB,IAAK,IAAIa,EAAIzC,KAAKgC,WAAWQ,OAAS,EAAGC,GAAK,IAAKA,EAAG,CACpD,IAAId,EAAQ3B,KAAKgC,WAAWS,GAC5B,GAAId,EAAMC,SAAWA,EAAQ,CAC3B,IAAIrC,EAASoC,EAAMQ,WACnB,GAAoB,UAAhB5C,EAAOE,KAAkB,CAC3B,IAAIqF,EAASvF,EAAOZ,IACpBuD,EAAcP,GAEhB,OAAOmD,GAMX,MAAM,IAAIlG,MAAM,0BAGlBmG,cAAe,SAAS1C,EAAUf,EAAYE,GAa5C,OAZAxB,KAAKjB,SAAW,CACd/B,SAAUoD,EAAOiC,GACjBf,WAAYA,EACZE,QAASA,GAGS,SAAhBxB,KAAKtB,SAGPsB,KAAKrB,SA7rBPE,GAgsBOK,IAQJ3C,GAOsByI,EAAOzI,SAGtC,IACE0I,mBAAqB3I,EACrB,MAAO4I,GAUPC,SAAS,IAAK,yBAAdA,CAAwC7I,iCDluB1C,SAAYD,GACRA,YACAA,cAFJ,CAAYA,IAAAA,OAQL,IAwCK+I,EA5BCC,EAEL,sEA0BR,SAAYD,GACRA,gDACAA,yEACAA,6DACAA,yEACAA,iDACAA,iEANJ,CAAYA,IAAAA,OAYZ,IEpDaE,sDAOHC,+CAAN,WACIC,EACAC,iFAEMC,EAA8B,CAChChH,OAAQrC,EAAWsJ,IACnBH,IAAKA,EACLI,QAASH,GAAWA,EAAQG,QAC5BC,eAAgB,kBAAM,aAGHC,EAAMJ,mCACtB,CACHE,SAFEG,UAEgBH,QAClBI,KAAMD,EAASE,KACfC,OAAQH,EAASG,8GASnBC,gDAAN,WACIX,EACAC,iFAEMC,EAA8B,CAChChH,OAAQrC,EAAW+J,KACnBZ,IAAKA,EACLS,KAAOR,GAAWA,EAAQO,MAAS,GACnCJ,QAASH,GAAWA,EAAQG,QAC5BC,eAAgB,kBAAM,aAGHC,EAAMJ,mCACtB,CACHE,SAFEG,UAEgBH,QAClBI,KAAMD,EAASE,KACfC,OAAQH,EAASG,iHCcvBG,EAAwC,CAC1CC,SAAU,GACVC,UAAWC,YAAUC,kBACrBC,aAAc,GACdC,gBAAiB,GACjBC,kBAAmB,CACfC,WAAY,GACZC,WAAY,GACZC,IAAK,IAETC,iBAAkB,GAClBC,uBAAwB,GACxBC,kBAAmB,GACnBC,mBAAoB,GACpBC,aAAcC,eAAaC,KAGzBC,EAAsC,GAUtCC,EAA4C,CAC9CC,cAT0C,CAC1CC,eAAgB,aAGhBC,mBAAmB,EACnBC,SAAUC,WAASC,MAKnBC,gDC9FOC,iBAAP,kBACW,IAAI1C,QD6Fa0C,6BAahBC,SAEZC,IAAAA,MACAC,IAAAA,aAEO,CACHC,UAAW/B,IALf+B,MAMIF,WAAYX,EAA0BW,GACtCC,YAAaX,EAA2BW,IE1HhD,IAEaE,oCAMFC,aAAP,kBACWC,UAOJC,OAAP,SAAcC,SACQ,6EACDC,KAAKD,SClBjBE,oCAOFC,aAAP,SAAoBC,EAAaC,UACtBC,OAAOC,KAAKH,EAAKC,GAAUtF,SAAS,aAOxCyF,gBAAP,SAAuBJ,EAAaC,UACzBH,EAAcC,aAAaC,EAAKC,GAClCI,QAAQ,KAAM,IACdA,QAAQ,MAAO,KACfA,QAAQ,MAAO,QASjBC,aAAP,SAAoBC,UACTL,OAAOC,KAAKI,EAAW,UAAU5F,SAAS,WAM9C6F,gBAAP,SAAuBD,WACfP,EAAMO,EAAUF,QAAQ,KAAM,KAAKA,QAAQ,KAAM,KAC9CL,EAAIrG,OAAS,GAChBqG,GAAO,WAEJF,EAAcQ,aAAaN,SChC7BS,sDAKHC,6CAAN,2FACUC,EAAWxJ,KAAKyJ,uBAChBC,EAAY1J,KAAK2J,kCAAkCH,qBAClD,CAAEA,SAAAA,EAAUE,UAAAA,2GAMfD,qBAAA,eACEG,EAAqBC,EAAOC,YPZT,IOanBN,EAAmBxJ,KAAK+J,iBAAiBH,UACxCjB,EAAcM,gBAAgBO,MAOjCG,kCAAA,SAAkCK,UAC/BrB,EAAcM,gBACjBjJ,KAAKiK,OAAOD,GAAcxG,SAAS,UACnC,aAQAyG,OAAA,SAAOL,UACJC,EACFK,WP5BD,UO6BCC,OAAOP,GACPQ,YAODL,iBAAA,SAAiBH,WACfS,EAAU,GACP5H,EAAI,EAAGA,EAAImH,EAAOU,WAAY7H,GAAK,EAExC4H,EAAQpI,KAAKoD,EADCuE,EAAOnH,GAAK4C,EAAmB7C,gBAG1C6H,EAAQE,KAAK,UClDfC,+BAKAC,cAAgB,IAAInB,6BAO7BoB,cAAA,kBACWrC,EAAcC,kBAOzBM,aAAA,SAAa+B,UACFhC,EAAcC,aAAa+B,MAOtCxB,aAAA,SAAawB,UACFhC,EAAcQ,aAAawB,MAMtCpB,kBAAA,kBACWvJ,KAAKyK,cAAclB,uBAM9BqB,uBAAA,iBACU,IAAIhM,MAAM,8BAMpBiM,QAAA,iBACU,IAAIjM,MAAM,iCCtDXkM,oCAKFC,oBAAP,SAA2BC,UACGC,cAAYC,QAAQF,GACxC,GACAG,KAAKC,MAAMJ,MAQdK,oBAAP,SAA2BC,OACjBC,EAA+B,UACjCD,GACA7O,OAAOgH,KAAK6H,GAAUE,KAAI,SAAUjO,OAC1BkO,EAAgBH,EAAS/N,GACzBmO,EAAY,CACdC,cAAeF,EAAcG,gBAC7BC,YAAaJ,EAAcI,YAC3BC,MAAOL,EAAcK,MACrBC,eAAgBN,EAAcO,iBAC9BC,SAAUR,EAAcQ,SACxBC,cAAeT,EAAcU,eAC7BnJ,KAAMyI,EAAczI,KACpBoJ,WAAYX,EAAcY,YAC1BC,qBAAsBb,EAAcc,uBACpCC,oBAAqBf,EAAcgB,uBAEjCC,EAAyB,IAAIC,gBACnCC,eAAaC,SAASH,EAAShB,GAC/BH,EAAehO,GAAOmP,KAIvBnB,KAOJuB,oBAAP,SAA2BC,OACjBC,EAA0B,UAC5BD,GACAtQ,OAAOgH,KAAKsJ,GAAUvB,KAAI,SAAUjO,OAC1B0P,EAAgBF,EAASxP,GACzB2P,EAAY,CACdvB,cAAesB,EAAcrB,gBAC7BC,YAAaoB,EAAcpB,YAC3BsB,eAAgBF,EAAcG,gBAC9B9G,SAAU2G,EAAcI,UACxBC,OAAQL,EAAcK,OACtBxB,MAAOmB,EAAcnB,OAEnByB,EAAyB,IAAIC,gBACnCZ,eAAaC,SAASU,EAASL,GAC/BF,EAAUzP,GAAOgQ,KAGlBP,KAOJS,wBAAP,SAA+BC,OACrBC,EAA8B,UAChCD,GACAjR,OAAOgH,KAAKiK,GAAclC,KAAI,SAAUjO,OAC9BqQ,EAAeF,EAAanQ,GAC5BsQ,EAAW,CACblC,cAAeiC,EAAahC,gBAC5BC,YAAa+B,EAAa/B,YAC1BsB,eAAgBS,EAAaR,gBAC7B9G,SAAUsH,EAAaP,UACvBC,OAAQM,EAAaN,OACrBxB,MAAO8B,EAAa9B,MACpBgC,OAAQF,EAAaE,OACrBC,SAAUH,EAAaI,UACvBC,UAAWL,EAAaM,WACxBC,kBAAmBP,EAAaQ,oBAChCC,UAAWT,EAAaU,WACxBC,MAAOX,EAAaY,OACpBC,UAAWb,EAAac,YAEtBC,EAAiC,IAAIC,oBAC3ChC,eAAaC,SAAS8B,EAAad,GACnCF,EAAUpQ,GAAOoR,KAIlBhB,KAOJkB,yBAAP,SAAgCC,OACtBC,EAA+B,UACjCD,GACArS,OAAOgH,KAAKqL,GAAetD,KAAI,SAAUjO,OAC/ByR,EAAeF,EAAcvR,GAC7B0R,EAAW,CACbtD,cAAeqD,EAAapD,gBAC5BC,YAAamD,EAAanD,YAC1BsB,eAAgB6B,EAAa5B,gBAC7B9G,SAAU0I,EAAa3B,UACvBC,OAAQ0B,EAAa1B,OACrB4B,SAAUF,EAAaG,UACvBrB,OAAQkB,EAAalB,OACrBhC,MAAOkD,EAAalD,OAElBsD,EAAmC,IAAIC,qBAC7CzC,eAAaC,SAASuC,EAAcH,GACpCF,EAAUxR,GAAO6R,KAIlBL,KAOJO,uBAAP,SAA8BC,OACpBC,EAAuC,UACzCD,GACA9S,OAAOgH,KAAK8L,GAAa/D,KAAI,SAAUjO,OAC7BkS,EAAiBF,EAAYhS,GAC7BmS,EAAY,CACdpJ,SAAUmJ,EAAepC,UACzBxB,YAAa4D,EAAe5D,YAC5BqD,SAAUO,EAAeN,WAEvBQ,EAAyB,IAAIC,oBACnChD,eAAaC,SAAS8C,EAAKD,GAC3BF,EAAmBjS,GAAOoS,KAI3BH,KAOJK,oBAAP,SAA2BC,SAChB,CACHxE,SAAUwE,EAAUC,QACd/P,KAAKqL,oBAAoByE,EAAUC,SACnC,GACNhD,SAAU+C,EAAUE,QACdhQ,KAAK8M,oBAAoBgD,EAAUE,SACnC,GACNtC,aAAcoC,EAAUG,YAClBjQ,KAAKyN,wBAAwBqC,EAAUG,aACvC,GACNnB,cAAegB,EAAUI,aACnBlQ,KAAK6O,yBAAyBiB,EAAUI,cACxC,GACNX,YAAaO,EAAUK,YACjBnQ,KAAKsP,uBAAuBQ,EAAUK,aACtC,UC9KLC,oCAKFC,kBAAP,SAAyBpK,UACdkF,KAAKmF,UAAUrK,MAOnBsK,kBAAP,SAAyBC,OACflF,EAAoD,UAC1D7O,OAAOgH,KAAK+M,GAAUhF,KAAI,SAAUjO,OAC1BkT,EAAgBD,EAASjT,GAC/B+N,EAAS/N,GAAO,CACZqO,gBAAiB6E,EAAc9E,cAC/BE,YAAa4E,EAAc5E,YAC3BC,MAAO2E,EAAc3E,MACrBE,iBAAkByE,EAAc1E,eAChCE,SAAUwE,EAAcxE,SACxBE,eAAgBsE,EAAcvE,cAC9BlJ,KAAMyN,EAAczN,KACpBqJ,YAAaoE,EAAcrE,WAC3BG,uBAAwBkE,EAAcnE,qBACtCG,sBAAuBgE,EAAcjE,wBAItClB,KAOJoF,kBAAP,SAAyBC,OACf5D,EAAoD,UAC1DtQ,OAAOgH,KAAKkN,GAAUnF,KAAI,SAAUjO,OAC1BqT,EAAYD,EAASpT,GAC3BwP,EAASxP,GAAO,CACZqO,gBAAiBgF,EAAUjF,cAC3BE,YAAa+E,EAAU/E,YACvBuB,gBAAiBwD,EAAUzD,eAC3BE,UAAWuD,EAAUtK,SACrBgH,OAAQsD,EAAUtD,OAClBxB,MAAO8E,EAAU9E,UAIlBiB,KAOJ8D,sBAAP,SAA6BC,OACnBpD,EAA4D,UAClEjR,OAAOgH,KAAKqN,GAAStF,KAAI,SAAUjO,OACzBwT,EAAWD,EAAQvT,GACzBmQ,EAAanQ,GAAO,CAChBqO,gBAAiBmF,EAASpF,cAC1BE,YAAakF,EAASlF,YACtBuB,gBAAiB2D,EAAS5D,eAC1BE,UAAW0D,EAASzK,SACpBgH,OAAQyD,EAASzD,OACjBxB,MAAOiF,EAASjF,MAChBgC,OAAQiD,EAASjD,OACjBE,UAAW+C,EAAShD,SACpBG,WAAY6C,EAAS9C,UACrBG,oBAAqB2C,EAAS5C,kBAC9BG,WAAYyC,EAAS1C,UACrBG,OAAQuC,EAASxC,MACjBG,WAAYqC,EAAStC,cAItBf,KAOJsD,uBAAP,SAA8BC,OACpBnC,EAA8D,UACpErS,OAAOgH,KAAKwN,GAASzF,KAAI,SAAUjO,OACzB2T,EAAWD,EAAQ1T,GACzBuR,EAAcvR,GAAO,CACjBqO,gBAAiBsF,EAASvF,cAC1BE,YAAaqF,EAASrF,YACtBuB,gBAAiB8D,EAAS/D,eAC1BE,UAAW6D,EAAS5K,SACpBgH,OAAQ4D,EAAS5D,OACjB6B,UAAW+B,EAAShC,SACpBpB,OAAQoD,EAASpD,OACjBhC,MAAOoF,EAASpF,UAIjBgD,KAOJqC,qBAAP,SAA4BC,OAClB7B,EAA2D,UACjE9S,OAAOgH,KAAK2N,GAAW5F,KAAI,SAAUjO,OAC3B8T,EAAaD,EAAU7T,GAC7BgS,EAAYhS,GAAO,CACf8P,UAAWgE,EAAW/K,SACtBuF,YAAawF,EAAWxF,YACxBsD,UAAWkC,EAAWnC,aAIvBK,KAOJ+B,kBAAP,SAAyBC,SACd,CACHxB,QAAS/P,KAAKuQ,kBAAkBgB,EAAWjG,UAC3C0E,QAAShQ,KAAK0Q,kBAAkBa,EAAWxE,UAC3CkD,YAAajQ,KAAK6Q,sBAAsBU,EAAW7D,cACnDwC,aAAclQ,KAAKgR,uBAAuBO,EAAWzC,eACrDqB,YAAanQ,KAAKmR,qBAAqBI,EAAWhC,oBCnHjDiC,yBAMGC,EAAgBnL,EAAkBoL,8BACpCpL,EAAUoL,gBAJU,oBACY,KAIjCD,OAASA,sCAOlBE,sBAAA,SAAsBC,QACbC,eAAe5P,KAAK2P,MAM7BE,WAAA,gBACSD,eAAetR,SAAQ,SAAAqR,UAAQA,EAAKhS,KAAK,YAOlDmS,qBAAA,SAAqB7J,OAEX8J,EAA+B,CACjC1G,SAAU,GACVyB,SAAU,GACVW,aAAc,GACdoB,cAAe,GACfS,YAAa,QAGZ,IAAMhS,KAAO2K,KACVA,EAAM3K,aAA0BoP,gBAChCqF,EAAc1G,SAAS/N,GAAO2K,EAAM3K,QACjC,GAAI2K,EAAM3K,aAAgBiQ,gBAC7BwE,EAAcjF,SAASxP,GAAO2K,EAAM3K,QACjC,GAAI2K,EAAM3K,aAAgBqR,oBAC7BoD,EAActE,aAAanQ,GAAO2K,EAAM3K,QACrC,GAAI2K,EAAM3K,aAAgB8R,qBAC7B2C,EAAclD,cAAcvR,GAAO2K,EAAM3K,OACtC,CAAA,KAAI2K,EAAM3K,aAAgBqS,8BAC7BoC,EAAczC,YAAYhS,GAAO2K,EAAM3K,UAMxCyU,KAOXC,qBAAA,SAAqBD,UAELhS,KAAKkS,gBAGVF,EAAc1G,SACd0G,EAAcjF,SACdiF,EAActE,aACdsE,EAAclD,cACdkD,EAAczC,gBAQzB4C,iBAAA,uBACSV,OAAOW,QAAQ,2BAGEpS,KAAK+R,qBAAqB/R,KAAKkS,eAQzDG,iBAAA,SAAiBL,QACRP,OAAOW,QAAQ,+BAGdlK,EAAQlI,KAAKiS,qBAAqBD,QACnCM,SAASpK,QAET4J,gBAMTI,SAAA,uBACST,OAAOW,QAAQ,iCACbpS,KAAKkI,SAOhBoK,SAAA,SAASpK,QACAuJ,OAAOW,QAAQ,sCACflK,MAAQA,OAGR4J,gBAOTS,QAAA,SAAQhV,eACCkU,OAAOe,wBAAwBjV,GAGtByC,KAAKkS,WACN3U,MAQjBkV,QAAA,SAAQlV,EAAaC,QACZiU,OAAOe,wBAAwBjV,OAG9B2K,EAAQlI,KAAKkS,WACnBhK,EAAM3K,GAAOC,OAGR8U,SAASpK,MAOlBwK,WAAA,SAAWC,OACDjG,EAAU1M,KAAKuS,QAAQI,UACzBhG,gBAAciG,gBAAgBlG,GACvBA,EAEJ,QAOXmG,WAAA,SAAWnG,OACDiG,EAAajG,EAAQoG,0BACtBL,QAAQE,EAAYjG,MAO7BqG,qBAAA,SAAqBC,OACXzF,EAAUvN,KAAKuS,QAAQS,UACzBxF,gBAAcyF,gBAAgB1F,GACvBA,EAEJ,QAOX2F,qBAAA,SAAqB3F,OACXyF,EAAazF,EAAQ4F,6BACtBV,QAAQO,EAAYzF,MAO7B6F,yBAAA,SAAyBC,OACf1E,EAAc3O,KAAKuS,QAAQc,UAC7BzE,oBAAkB0E,oBAAoB3E,GAC/BA,EAEJ,QAOX4E,yBAAA,SAAyB5E,OACf0E,EAAiB1E,EAAYwE,6BAC9BV,QAAQY,EAAgB1E,MAOjC6E,0BAAA,SAA0BC,OAChBrE,EAAepP,KAAKuS,QAAQkB,UAC9BpE,qBAAmBqE,qBAAqBtE,GACjCA,EAEJ,QAOXuE,0BAAA,SAA0BvE,OAChBqE,EAAkBrE,EAAa+D,6BAChCV,QAAQgB,EAAiBrE,MAOlCwE,eAAA,SAAeC,OACLtE,EAAiCvP,KAAKuS,QAAQsB,UAChDjE,oBAAkBkE,oBAAoBD,EAAgBtE,GAC/CA,EAEJ,QAOXwE,eAAA,SAAexE,OACLsE,EAAiBtE,EAAYyE,8BAC9BvB,QAAQoB,EAAgBtE,MAOjC0E,mBAAA,SAAmBC,OACTC,EAA+CnU,KAAKuS,QAAQ2B,UAC9DC,GAAyBC,wBAAsBC,wBAAwBH,EAAoBC,GACpFA,EAEJ,QAQXG,mBAAA,SAAmBC,EAA4BC,QACtC/B,QAAQ8B,EAAoBC,MAOrCC,qBAAA,SAAqBlX,OACXmX,EAAmD1U,KAAKuS,QAAQhV,UAClEmX,GAA2BC,0BAAwBC,0BAA0BrX,EAAKmX,GAC3EA,EAEJ,QAMXG,yBAAA,6BACW7U,KAAK8U,UAAUC,QAAO,SAACxX,UACnByX,EAAKC,oBAAoB1X,SASxC2X,qBAAA,SAAqB3X,EAAa4X,QACzB1C,QAAQlV,EAAK4X,MAOtBC,mBAAA,SAAmBC,OACTC,EAAoCtV,KAAKuS,QAAQ8C,UACnDC,GAAmBC,mBAAiBC,mBAAmBH,EAAoBC,GACpEA,EAEJ,QAQXG,mBAAA,SAAmBJ,EAA4BC,QACtC7C,QAAQ4C,EAAoBC,MAQrCI,WAAA,SAAWnY,QACFkU,OAAOe,wBAAwBjV,OAGhCwD,GAAkB,EAChBmH,EAAQlI,KAAKkS,kBAEbhK,EAAM3K,YACD2K,EAAM3K,GACbwD,GAAS,GAITA,SACKuR,SAASpK,QACT4J,cAEF/Q,KAOX4U,YAAA,SAAYpY,UACDyC,KAAK8U,UAAUc,SAASrY,MAMnCuX,QAAA,gBACSrD,OAAOW,QAAQ,iCAGdlK,EAAQlI,KAAKkS,2BACPzV,OAAOgH,KAAKyE,OAM5B2N,MAAA,2BACSpE,OAAOW,QAAQ,0CAGFpS,KAAK8U,UAGbvU,SAAQ,SAAAhD,GACduY,EAAKJ,WAAWnY,WAEfuU,gBAOFiE,sBAAP,SAA6B7N,UAClB4C,EAAa+E,oBAChB/E,EAAaC,oBAAoB7C,OAQlC8N,kBAAP,SAAyBhE,UACd5B,EAAWkB,kBAAkBU,OAlZXpF,gBCf3BqJ,EACO,GADPA,EAEO,GAFPA,EAGW,GAHXA,EAIY,GAJZA,EAKW,GAOJC,wBAQGC,EAAsB1E,EAAgB2E,QACzCC,iBAAkB,OAClBF,QAAUA,OACVA,QAAQxE,sBAAsB3R,KAAKsW,kBAAkBC,KAAKvW,OAC3DoW,SACKI,YAAcJ,QAElB3E,OAASA,6BAMlBgF,WAAA,kBACWzW,KAAKqW,mBAMhBK,UAAA,gBACSjF,OAAOW,QAAQ,mCAChBuE,EAAavG,EAAWkB,kBACxBtR,KAAKmW,QAAQhE,2BAIZlH,cAAYC,QAAQlL,KAAK4W,oBAOrBnF,OAAOW,QAAQ,oCANfX,OAAOW,QAAQ,oCACpBuE,EAAa3W,KAAK6W,WACd1L,KAAKC,MAAMpL,KAAK4W,eAChBD,SAKHN,iBAAkB,EAEhBlL,KAAKmF,UAAUqG,MAO1BG,YAAA,SAAY5O,WACHuJ,OAAOW,QAAQ,8CACfwE,cAAgB1O,EAEhB+C,cAAYC,QAAQlL,KAAK4W,oBAOrBnF,OAAOW,QAAQ,wCAPsB,MACrCX,OAAOW,QAAQ,wCACd2E,EAAoBjM,EAAa+E,oBACnC7P,KAAKgX,gBAAgB7L,KAAKC,MAAMpL,KAAK4W,sBAEpCT,QAAQ9D,iBAAiB0E,OAStCE,WAAA,kBACWjX,KAAKmW,QAAQjE,cAMlBgF,0CAAN,0FAESzF,OAAOW,QAAQ,mCAGZpS,KAAKwW,mCACLW,EAAe,IAAIC,oBAAkBpX,MAAM,YACrCA,KAAKwW,YAAYa,kBAAkBF,mCAEtCnX,KAAKmW,QAAQe,sCAEhBlX,KAAKwW,cAAeW,oCACdnX,KAAKwW,YAAYc,iBAAiBH,kJAW9CI,8CAAN,WAAyB5L,wFACK3L,KAAKkX,2BAAzBM,SACDvM,cAAYC,QAAQS,KAAkB6L,IAAeA,EAAYhV,gDAC3DgV,EAAYzC,QAAO,SAAA0C,UAAcA,EAAW9L,gBAAkBA,KAAe,IAAM,sCAEnF,8GAUT+L,+CAAN,WAA0B3L,wFACI/L,KAAKkX,2BAAzBM,SACDvM,cAAYC,QAAQa,KAAmByL,IAAeA,EAAYhV,gDAC5DgV,EAAYzC,QAAO,SAAA0C,UAAcA,EAAW1L,iBAAmBA,KAAgB,IAAM,sCAErF,8GAQT4L,yCAAN,WAAoBjL,gFACX+E,OAAOW,QAAQ,kCAGZpS,KAAKwW,mCACLW,EAAe,IAAIC,oBAAkBpX,MAAM,YACrCA,KAAKwW,YAAYa,kBAAkBF,eAExChB,QAAQwB,cAAchL,gBAAciL,wBAAwBlL,wBAE7D1M,KAAKwW,cAAeW,oCACdnX,KAAKwW,YAAYc,iBAAiBH,mJAQ5Cb,kBAAA,gBACCD,iBAAkB,KAQnBQ,WAAA,SAAWgB,EAAqBC,QAC/BrG,OAAOW,QAAQ,mDACd2F,EAAoB/X,KAAKgY,cAAcH,EAAUC,UAChD9X,KAAKiY,aAAaF,EAAmBD,MAQxCG,aAAA,SAAaJ,EAAeK,qBAChCzb,OAAOgH,KAAKyU,GAAU3X,SAAQ,SAAC4X,OACrBC,EAAWF,EAASC,MAGrBN,EAASjb,eAAeub,GAItB,KAEGE,EAA+B,OAAbD,EAClBE,EAAuC,iBAAbF,EAC1BG,GAAsBC,MAAMC,QAAQL,GAGtCC,GAAmBC,GAAoBC,GAFR,MAAOV,EAASM,GAG/CO,EAAKT,aAAaJ,EAASM,GAASC,GAEpCP,EAASM,GAAUC,OAbN,OAAbA,IACAP,EAASM,GAAUC,MAiBxBP,KASHG,cAAA,SAAcH,EAAqBK,eAClCzG,OAAOW,QAAQ,wCAQbyF,GACH9H,QARa8H,EAAS9H,QAAU/P,KAAK2Y,kBAA2Cd,EAAS9H,QAASmI,EAASnI,SAAW8H,EAAS9H,QAS/HE,YARiB4H,EAAS5H,YAAcjQ,KAAK2Y,kBAA+Cd,EAAS5H,YAAaiI,EAASjI,aAAe4H,EAAS5H,YASnJC,aARkB2H,EAAS3H,aAAelQ,KAAK2Y,kBAAgDd,EAAS3H,aAAcgI,EAAShI,cAAgB2H,EAAS3H,aASxJF,QARa6H,EAAS7H,QAAUhQ,KAAK2Y,kBAA2Cd,EAAS7H,QAASkI,EAASlI,SAAW6H,EAAS7H,QAS/HG,YARgB0H,EAAS1H,YAAcnQ,KAAK2Y,kBAA+Cd,EAAS1H,YAAa+H,EAAS/H,aAAe0H,EAAS1H,iBAiBlJwI,kBAAA,SAAqBd,EAA6BK,OAChDvB,OAAkBkB,UACxBpb,OAAOgH,KAAKoU,GAAUtX,SAAQ,SAACqY,GACtBV,GAAcA,EAAStb,eAAegc,WAChCjC,EAAWiC,MAGnBjC,KAOHK,gBAAA,SAAgB6B,eACfpH,OAAOW,QAAQ,iDACb,CACHrC,aACOkG,EACA4C,EAAc9I,SAErBC,aACOiG,EACA4C,EAAc7I,SAErBC,iBACOgG,EACA4C,EAAc5I,aAErBC,kBACO+F,EACA4C,EAAc3I,cAErBC,iBACO8F,EACA4C,EAAc1I,oBCjPX2I,wBA6BIC,QACbC,OAAS/Q,EAAsB8Q,QAC/BE,eAAiB,IAAIzO,OACrBiH,OAAS,IAAIyH,SAAOlZ,KAAKgZ,OAAO7Q,OAAQV,cCzEjC,mBACG,cDyEV0O,QAAU,IAAI3E,EAAYxR,KAAKyR,OAAQzR,KAAKgZ,OAAO5Q,KAAK9B,SAAUtG,KAAKiZ,qBACvEE,WAAa,IAAIjD,EAClBlW,KAAKmW,QACLnW,KAAKyR,OACLzR,KAAKgZ,OAAO9Q,MAAOkO,wCAarBgD,0CAAN,WAAqB1T,wFACZ+L,OAAOpQ,KAAK,yBACXgY,OACC3T,EACA1F,KAAKsZ,sBAAsB5T,IAC9B6T,aAAc7T,EAAQ6T,cAAgBC,eAAaC,MACnDC,qBAAsBC,uBAAqBC,kBAEhB5Z,KAAK6Z,8BAChCR,EAAa9S,yBADXuT,cAGDrI,OAAOW,QAAQ,gCACd2H,EAA0B,IAAIC,0BAChCF,qBAEGC,EAAwBX,eAAeC,4GAW5CY,8CAAN,WAAyBvU,0FAChB+L,OAAOpQ,KAAK,6BACXgY,OACC3T,EACA1F,KAAKsZ,sBAAsB5T,IAC9BgU,qBAAsBC,uBAAqBC,SAEzCM,EAAyBla,KAAKma,iCAAiC/U,EAAM6U,mBAAoBZ,EAAae,iCAEzEpa,KAAK6Z,8BAChCR,EAAa9S,UACb2T,iBAFEJ,cAIDrI,OAAOW,QAAQ,gCACd2H,EAA0B,IAAIC,0BAChCF,qBAEGC,EAAwBM,aAAahB,4CAE5Ca,EAAuBI,gJAYzBC,sDAAN,WAAiC7U,0FACxB+L,OAAOpQ,KAAK,qCACXgY,OACC3T,EACA1F,KAAKsZ,sBAAsB5T,IAC9BgU,qBAAsBC,uBAAqBC,SAGzCM,EAAyBla,KAAKma,iCAAiC/U,EAAMmV,2BAA4BlB,EAAae,iCAEzEpa,KAAK6Z,8BACxCR,EAAa9S,UACb2T,iBAFEM,cAID/I,OAAOW,QAAQ,gCACdqI,EAAqB,IAAIC,qBAC3BF,qBAEGC,EAAmBJ,aAAahB,4CAEvCa,EAAuBI,gJAazBK,8CAAN,WAAyBjV,mFACf2T,OACC3T,EACA1F,KAAKsZ,sBAAsB5T,IAC9BkV,aAAclV,EAAQkV,eAAgB,IAGpCV,EAAyBla,KAAKma,iCAAiC/U,EAAMuV,mBAAoBtB,EAAae,cAAef,EAAauB,gCAE/F5a,KAAK6Z,8BACtCR,EAAa9S,UACb2T,iBAEEW,EAAmB,IAAIC,6CAGtBD,EAAiBR,aAAahB,4CAErCa,EAAuBI,gJAQ/BS,cAAA,uBACStJ,OAAOpQ,KAAK,wBACVrB,KAAKmZ,cAMhB6B,UAAA,kBACWhb,KAAKyR,UAOhBwJ,UAAA,SAAUxJ,QACDA,OAASA,KAQFoI,yDAAN,WAAoCtT,EAAmB2T,oFACxDzI,OAAOW,QAAQ,iDAGcpS,KAAKkb,gBAAgB3U,mCAEhD,CACH4U,YAAa,CACT7U,SAAUtG,KAAKgZ,OAAO5Q,KAAK9B,SAC3BC,UALF6U,SAMEjU,mBAAoBnH,KAAKgZ,OAAO5Q,KAAKjB,oBAEzCM,cAAe,CACXC,eAAgB1H,KAAKgZ,OAAO7Q,OAAQV,cAC/BC,eACLC,kBAAmB3H,KAAKgZ,OAAO7Q,OAAQV,cAClCE,mBAET0T,gBAAiBrb,KAAKiZ,eACtBqC,iBAAkBtb,KAAKgZ,OAAO7Q,OAAQJ,cACtCwT,iBAAkBvb,KAAKmW,QACvB+D,uBAAwBA,EACxBsB,kBAAmB,CACf9U,aAAc1G,KAAK0G,aACnBC,gBAAiB3G,KAAK2G,gBAAkB3G,KAAKyb,mBAAmBL,QAAuBvc,GAE3F6c,YAAa,CACTC,IbvNF,eawNEC,QCnQO,QDoQPC,IAAKC,QAAQC,MAAQ,GACrBC,GAAIF,QAAQG,UAAY,IAE5BC,kBAAmBlc,KAAKgZ,OAAO9Q,MAAOkO,YACtC+F,kBAAmBnc,KAAKmZ,uHAIxBsC,mBAAA,SAAmBlV,SAChB,CACH6V,UAAWpc,KAAK2G,gBAAgB0V,OAAOrc,KAAKiZ,eAAgBjZ,KAAKgZ,OAAO5Q,KAAK9B,SAAUC,EAAU+V,eACjGC,cbnOmB,6Da2OjBjD,sBAAA,SAAsBkD,eACvB/K,OAAOW,QAAQ,uCAGboK,GACHC,iBAAcD,GAAeA,EAAYC,QAAW,GAAQC,uBAC5DtC,cAAeoC,GAAeA,EAAYpC,eAAiBpa,KAAKiZ,eAAevO,gBAC/EnE,UAAWiW,EAAYjW,WAAavG,KAAKgZ,OAAO5Q,KAAK7B,eAUnD4T,iCAAA,SAAiCwC,EAAevC,EAAuBQ,UAQtE,IAAIgC,yBAPsC,CAC7CtW,SAAUtG,KAAKgZ,OAAO5Q,KAAK9B,SAC3B8T,cAAeA,EACfuC,MAAOA,EACP/B,aAAcA,IAAgB,GAGkB5a,KAAKmW,YAQ/C+E,2CAAN,WAAsB2B,oFACrBpL,OAAOW,QAAQ,0BACd0K,EAAqC,CACvC1V,aAAcpH,KAAKgZ,OAAO5Q,KAAKhB,aAC/BJ,iBAAkBhH,KAAKgZ,OAAO5Q,KAAKpB,iBACnCC,uBAAwBjH,KAAKgZ,OAAO5Q,KAAKnB,uBACzCC,kBAAmBlH,KAAKgZ,OAAO5Q,KAAKlB,4BAE3B6V,mBAAiBC,yBAAyBH,EAAiB7c,KAAKgZ,OAAO7Q,OAAQJ,cAAgB/H,KAAKmW,QAAS2G,sJE1SrHG,yBAkBGlE,UACRmE,YAAMnE,2CAYGoE,oDAAN,WAA+BzX,0FAC7B+L,OAAOpQ,KAAK,mCACXgY,OACC3T,EACA1F,KAAKsZ,sBAAsB5T,IAE5BwU,EAAyBla,KAAKma,iCAAiC/U,EAAM+X,yBAA0B9D,EAAae,iCAE/Epa,KAAK6Z,8BAChCR,EAAa9S,UACb2T,iBAFEkD,cAID3L,OAAOW,QAAQ,gCACdiL,EAAmB,IAAIC,mBAAiBF,qBACvCC,EAAiBhD,aAAahB,4CAErCa,EAAuBI,gJAezBiD,0DAAN,WAAqC7X,0FAC5B+L,OAAOpQ,KAAK,yCACXgY,OACC3T,EACA1F,KAAKsZ,sBAAsB5T,IAE5BwU,EAAyBla,KAAKma,iCAAiC/U,EAAMmY,+BAAgClE,EAAae,iCAEzEpa,KAAK6Z,8BAC5CR,EAAa9S,UACb2T,iBAFEsD,cAID/L,OAAOW,QAAQ,gCACdqL,EAAyB,IAAIC,yBAAuBF,qBACnDC,EAAuBpD,aAAahB,4CAE3Ca,EAAuBI,iJA9EUxB,GCThC6E,6BAcKC,cAAP,SAAqBxB,OAClBzV,EAAkB,IAAIgX,SAC5BhX,EAAgBkX,IAAMzB,EACfzV,KASGmX,gBAAP,SAAuBjX,EAAoBC,EAAoBiX,OAC5DpX,EAAkB,IAAIgX,SAC5BhX,EAAgBG,WAAaA,EAC7BH,EAAgBE,WAAaA,EACzBkX,IACApX,EAAgBoX,kBAAoB/d,KAAKge,iBAAiBD,IAEvDpX,8BASJ0V,OAAA,SAAOpD,EAAgCgF,EAAgBC,MAEtDle,KAAK8G,YAAc9G,KAAK6G,kBAEpB7G,KAAK6d,MAAQ7d,KAAKme,aAAeF,IAAWje,KAAKie,QAAUC,IAAgBle,KAAKke,YACzEle,KAAK6d,IAGT7d,KAAKoe,UAAUnF,EAAgBgF,EAAQC,MAO9Cle,KAAK6d,WACE7d,KAAK6d,UAGVQ,kBAAgBC,iCAMlBF,UAAA,SAAUnF,EAAgCgF,EAAgBC,gBAEzDD,OAASA,OACTC,YAAcA,MACbK,EAAWC,YAAUC,kBACtBC,eAAiBH,EAAW,UAE3BI,UAAM,IhBnBP,UgBmBO,IAEYhW,EAAcM,gBAAgBjJ,KAAK6G,WAAY,UAGnE7G,KAAK+d,mBACLthB,OAAOmiB,OAAOD,UAAd,IACwB3e,KAAK+d,0BAI3Bc,UAAO,IACgB7e,KAAKke,cADrB,IAEuBle,KAAK0e,iBAF5B,IAGc1e,KAAKie,SAHnB,IAIeje,KAAKie,SAJpB,IAKkBM,IALlB,IAMctF,EAAevO,+BAGrCmT,IAAMiB,OAAKD,EAAS7e,KAAK8G,WAAY,CAAE6X,OAAQA,IAC7C3e,KAAK6d,OAMRM,UAAA,kBACGne,KAAK0e,eAAiBF,YAAUC,gBAO7BT,iBAAP,SAAwBD,WAWvBgB,EAHEC,EAAmB,kIACnBC,EAAkB,GAGwC,QAAxDF,EAAUC,EAAiBE,KAAKnB,KAEpCkB,EAAMhd,KAAK8c,EAAQ,GAAG7V,QAAQ,KAAM,YAGjC+V,QCnHFE,yBAqBGpG,8BACFA,UACDqG,oBAAoB1G,EAAKM,4CAMrBqG,0DAAN,WAAqC3Z,0FACnC+L,OAAOpQ,KAAK,yCACXgY,OACC3T,EACA1F,KAAKsZ,sBAAsB5T,IAE5BwU,EAAyBla,KAAKma,iCAAiC/U,EAAMia,+BAAgChG,EAAae,cAAef,EAAaiG,6BAE3Gtf,KAAK6Z,8BACtCR,EAAa9S,UACb2T,iBAFEqF,cAID9N,OAAOW,QAAQ,gCACdoN,EAAyB,IAAIC,yBAAuBF,qBACnDC,EAAuBnF,aAAahB,4CAE3Ca,EAAuBI,gJAgBlBoF,kDAAN,WAA6Bha,wFAC3B+L,OAAOpQ,KAAK,iCACXgY,OACC3T,EACA1F,KAAKsZ,sBAAsB5T,aAEG1F,KAAK6Z,8BACtCR,EAAa9S,yBADXgZ,cAGD9N,OAAOW,QAAQ,gCACduN,EAAY,IAAIC,mBAAiBL,qBAChCI,EAAUtF,aAAahB,4GAG1B+F,oBAAA,SAAoBrG,OAElB8G,GAAwB5U,cAAYC,QAAQ6N,EAAc3Q,KAAK1B,cAC/DoZ,GAA2B7U,cAAYC,QAAQ6N,EAAc3Q,KAAKzB,iBAClEoZ,EAAchH,EAAc3Q,KAAKxB,kBACjCoZ,GAAuB/U,cAAYC,QAAQ6U,EAAYlZ,cAAgBoE,cAAYC,QAAQ6U,EAAYjZ,eAIzG+Y,GAAwBC,GACxBA,GAA2BE,GAC3BH,GAAwBG,QAClB3B,kBAAgB4B,kCAGtBJ,OACKnZ,aAAeqS,EAAc3Q,KAAK1B,qBAIvCoZ,OACKnZ,gBAAkBgX,EAAgBC,cAAc7E,EAAc3Q,KAAKzB,0BAIvEqZ,QACK3B,kBAAgB4B,0CAEjBtZ,gBAAkBgX,EAAgBG,gBAAgBiC,EAAYlZ,WAAYkZ,EAAYjZ,oBAAYiS,EAAc3Q,KAAKxB,0BAAnBsZ,EAAsCnZ,UAvGtG+R"}